<div dir="ltr"><div>Hi Bill,</div><div><br></div><div>The problem was that the proxy did not ask the user to &quot;login&quot;, but it was my error because I had forgotten to configure the &quot;constraints&quot; section in proxy.json </div><div><br></div><div>The issue I am having now is that the &quot;sign out&quot; from another application in the same realm, doesn&#39;t sign out the user in the proxied application (the &quot;session&quot; cookie is still present) - should I configure something special regarding this?</div><div><br></div><div>Here is my working configuration now:<br></div><div> {</div><div>    &quot;target-url&quot;: &quot;<a href="http://localhost:8280/">http://localhost:8280/</a>&quot;,</div><div>    &quot;send-access-token&quot;: true,</div><div>    &quot;bind-address&quot;: &quot;localhost&quot;,</div><div>    &quot;http-port&quot;: &quot;8080&quot;,</div><div>    &quot;applications&quot;: [</div><div>        {</div><div>            &quot;base-path&quot;: &quot;/backend&quot;,</div><div>            &quot;error-page&quot;: &quot;/error.html&quot;,</div><div>            &quot;adapter-config&quot;: {</div><div>                &quot;realm&quot;: &quot;demo&quot;,</div><div>                &quot;resource&quot;: &quot;proxy&quot;,</div><div>                &quot;realm-public-key&quot;: &quot;MIGfMA0GCSqGSIb3DQEBAQUAA4GN....&quot;,</div><div>                &quot;auth-server-url&quot;: &quot;<a href="http://localhost:8180/auth">http://localhost:8180/auth</a>&quot;,</div><div>                &quot;ssl-required&quot; : &quot;external&quot;,</div><div><span class="" style="white-space:pre">                </span>&quot;principal-attribute&quot;: &quot;name&quot;,</div><div>                &quot;credentials&quot;: {</div><div>                    &quot;secret&quot;: &quot;4ef4196d-9e86-4795-9219-dc1288b87c2b&quot;</div><div>                }</div><div><br></div><div>            }</div><div><span class="" style="white-space:pre">        </span>    
,</div><div>            &quot;constraints&quot;: [</div><div>                {</div><div>                    &quot;pattern&quot;: &quot;/*&quot;,</div><div>                    &quot;roles-allowed&quot;: [</div><div>                        &quot;user&quot;</div><div>                    ]</div><div>                }</div><div>            ]</div><div>            </div><div>        }</div><div>    ]</div><div>}</div><div><br></div><div>Thanks,</div><div>Adrian</div><div><br></div><div>Message: 1</div><div>Date: Fri, 20 Nov 2015 10:09:59 -0500</div><div>From: Bill Burke &lt;<a href="mailto:bburke@redhat.com">bburke@redhat.com</a>&gt;</div><div>Subject: Re: [keycloak-user] Proxy configuration issue (Bill Burke)</div><div>To: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a></div><div>Message-ID: &lt;<a href="mailto:564F37C7.9010007@redhat.com">564F37C7.9010007@redhat.com</a>&gt;</div><div>Content-Type: text/plain; charset=windows-1252; format=flowed</div><div><br></div><div>That all looks right.  What are the problems you are seeing?  I don&#39;t</div><div>see them listed explicitly in this email thread.</div><div><br></div><div>On 11/20/2015 6:31 AM, Adrian Matei wrote:</div><div>&gt; Hi Bill,</div><div>&gt;</div><div>&gt; Thank you for your answer, but I still don&#39;t seem to get Keycloak to</div><div>&gt; &quot;catch&quot; my requests against the protected application.</div><div>&gt; Let me make the scenario clear:</div><div>&gt;</div><div>&gt; 1. Application to be protected runs on http://localhost:*8280*/backend</div><div>&gt;</div><div>&gt; 2. Server proxy started and runs on http://localhost:*8080*, when I type</div><div>&gt; <a href="http://localhost:8080/backend">http://localhost:8080/backend</a> in the browser I see the protected application</div><div>&gt;</div><div>&gt; 3. Keycloak server runs on http://localhost:*8180*/auth</div><div>&gt;</div><div>&gt; 4. 
The adapter config in the &quot;applications&quot; section corresponds now to the</div><div>&gt; proxy client I have  configured in the Keycloak realm:</div><div>&gt;</div><div>&gt;     Client ID: proxy</div><div>&gt;</div><div>&gt;     Client Protocol: openid-connect</div><div>&gt;     Access Type: confidential</div><div>&gt;     Valid Redirect URIs: <a href="http://localhost:8080/backend/*">http://localhost:8080/backend/*</a></div><div>&gt;</div><div>&gt;</div><div>&gt; I am not sure how to configure the proxy Server - now I have the following:</div><div>&gt; {</div><div>&gt;      &quot;target-url&quot;: &quot;*<a href="http://localhost:8280/*">http://localhost:8280/*</a>&quot;, ???</div><div>&gt;      &quot;send-access-token&quot;: false,</div><div>&gt;      &quot;bind-address&quot;: &quot;localhost&quot;,</div><div>&gt;      &quot;http-port&quot;: &quot;8080&quot;, ???</div><div>&gt;      &quot;applications&quot;: [</div><div>&gt;          {</div><div>&gt;              &quot;base-path&quot;: &quot;*/backend*&quot;,</div><div>&gt;              &quot;error-page&quot;: &quot;/error.html&quot;,</div><div>&gt;              &quot;adapter-config&quot;: {</div><div>&gt;                  &quot;realm&quot;: &quot;demo&quot;,</div><div>&gt;                  &quot;resource&quot;: &quot;*proxy*&quot;,</div><div>&gt;                  &quot;realm-public-key&quot;:</div><div>&gt; &quot;MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB&quot;,</div><div>&gt;                  &quot;auth-server-url&quot;: &quot;<a href="http://localhost:8180/auth">http://localhost:8180/auth</a>&quot;,</div><div>&gt;                  &quot;ssl-required&quot; : &quot;external&quot;,</div><div>&gt;                  &quot;principal-attribute&quot;: &quot;name&quot;,</div><div>&gt;                  &quot;credentials&quot;: {</div><div>&gt;   
                   &quot;secret&quot;: &quot;4ef4196d-9e86-4795-9219-dc1288b87c2b&quot;</div><div>&gt;                  }</div><div>&gt;              }</div><div>&gt;          }</div><div>&gt;      ]</div><div>&gt; }</div><div>&gt; Questions:</div><div>&gt; 1. The target-url I set it to the URL of the application the proxy</div><div>&gt; server is proxying - this means the server can only proxy applications</div><div>&gt; on the same URL?</div><div>&gt; 2. What am I doing wrong :((((?</div><div>&gt;</div><div>&gt;</div><div>&gt; Thanks a bunch,</div><div>&gt; Adrian</div><div>&gt;</div><div>&gt; &quot;Can&#39;t really see the screenshot, but you have to point keycloak to the</div><div>&gt; host/port of the proxy.</div><div>&gt;</div><div>&gt; On 11/19/2015 9:13 AM, Adrian Matei wrote:</div><div>&gt;  &gt; Hi everyone,</div><div>&gt;  &gt;</div><div>&gt;  &gt; I am trying to make a simple test and configure a keycloak proxy to</div><div>&gt;  &gt; protect an application running on <a href="http://localhost:8280/backend/">http://localhost:8280/backend/</a></div><div>&gt;</div><div>&gt;      &gt;on looks like the following:</div><div>&gt;      &gt;</div><div>&gt;      &gt; {</div><div>&gt;      &gt;      &quot;target-url&quot;: &quot;<a href="http://localhost:8280/">http://localhost:8280/</a>&quot;,</div><div>&gt;      &gt;      &quot;send-access-token&quot;: false,</div><div>&gt;      &gt;      &quot;bind-address&quot;: &quot;localhost&quot;,</div><div>&gt;      &gt;      &quot;http-port&quot;: &quot;8080&quot;,</div><div>&gt;      &gt;      &quot;applications&quot;: [</div><div>&gt;      &gt;          {</div><div>&gt;      &gt;              &quot;base-path&quot;: &quot;/backend&quot;,</div><div>&gt;      &gt;              &quot;error-page&quot;: &quot;/error.html&quot;,</div><div>&gt;      &gt;              &quot;adapter-config&quot;: {</div><div>&gt;      &gt;                  &quot;realm&quot;: &quot;demo&quot;,</div><div>&gt;      &gt;                  
&quot;resource&quot;: &quot;sandbox-backend&quot;,</div><div>&gt;      &gt;                  &quot;realm-public-key&quot;:</div><div>&gt;      &gt;</div><div>&gt;     &quot;MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB&quot;,</div><div>&gt;      &gt;                  &quot;auth-server-url&quot;: &quot;<a href="http://localhost:8180/auth">http://localhost:8180/auth</a>&quot;,</div><div>&gt;      &gt;                  &quot;ssl-required&quot; : &quot;external&quot;,</div><div>&gt;      &gt;                  &quot;credentials&quot;: {</div><div>&gt;      &gt;                      &quot;secret&quot;: &quot;9323cdd6-7e0e-46ce-814f-b5ac79581395&quot;</div><div>&gt;      &gt;                  }</div><div>&gt;      &gt;              }</div><div>&gt;      &gt;          }</div><div>&gt;      &gt;      ]</div><div>&gt;      &gt; }</div><div>&gt;      &gt;</div><div>&gt;      &gt; 2.</div><div>&gt;      &gt; I&#39;ve started the proxy server as specified in the documentation &quot;java</div><div>&gt;      &gt; -jar bin/launcher.jar proxy.json&quot;</div><div>&gt;      &gt; I am getting an error &quot;ERROR: UT005026: Jetty ALPN support not</div><div>&gt;     found on</div><div>&gt;      &gt; boot class path, SPDY client will not be available.&quot;, but the server</div><div>&gt;      &gt; still starts, I don&#39;t think there should be a problem with that...</div><div>&gt;      &gt;</div><div>&gt;      &gt; 3. In the admin console (keycloak running on port 8180) I&#39;ve</div><div>&gt;     configured</div><div>&gt;      &gt; the backend application like the following:</div><div>&gt;      &gt;</div><div>&gt;      &gt; Could you tell me what I am doing wrong? 
When I put in the app&#39;s</div><div>&gt;     url in</div><div>&gt;      &gt; the browser it goes directly to the application...</div><div>&gt;      &gt;</div><div>&gt;      &gt; Thanks,</div><div>&gt;      &gt; Adrian&quot;</div><div>&gt;</div><div><br></div><div>--</div><div>Bill Burke</div><div>JBoss, a division of Red Hat</div><div><a href="http://bill.burkecentral.com">http://bill.burkecentral.com</a></div></div>
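<div>An added example, not part of the thread and not Keycloak's own code: a small check for the misconfiguration reported at the top of this message, where an application entry in proxy.json has no &quot;constraints&quot; section and the proxy never asks for a login. The function name, the sample builder and the placeholder key and secret are assumptions of this example; only the keys visible in the thread are inspected.</div>

```python
import json

# Constructed samples modelled on the proxy.json files in the thread.
# The public key and client secret are placeholders, not the posted values.
ADAPTER = {"realm": "demo", "resource": "proxy",
           "realm-public-key": "PLACEHOLDER_KEY",
           "auth-server-url": "http://localhost:8180/auth",
           "ssl-required": "external",
           "credentials": {"secret": "PLACEHOLDER_SECRET"}}

def sample_config(constraints=None):
    """Build a proxy.json document, with or without a constraints section."""
    app = {"base-path": "/backend", "error-page": "/error.html",
           "adapter-config": ADAPTER}
    if constraints is not None:
        app["constraints"] = constraints
    return json.dumps({"target-url": "http://localhost:8280/",
                       "send-access-token": True,
                       "bind-address": "localhost", "http-port": "8080",
                       "applications": [app]})

def audit_proxy_config(text):
    """Return (base-path, problem) pairs for a proxy.json document.

    Treating an empty "roles-allowed" list as a finding is an assumption
    of this example, since it only knows the keys shown in the thread.
    """
    findings = []
    apps = json.loads(text).get("applications") or []
    if not apps:
        findings.append(("<config>", "no applications defined"))
    for app in apps:
        base = app.get("base-path", "<no base-path>")
        constraints = app.get("constraints") or []
        if not constraints:
            # The state reported in the thread: no login prompt at all.
            findings.append((base, "no constraints section"))
        for c in constraints:
            pattern = c.get("pattern")
            if not pattern:
                findings.append((base, "constraint without a pattern"))
            elif not c.get("roles-allowed"):
                findings.append((base, f"{pattern}: no roles-allowed"))
    return findings

if __name__ == "__main__":
    fixed = [{"pattern": "/*", "roles-allowed": ["user"]}]
    print("before:", audit_proxy_config(sample_config()))
    print("after: ", audit_proxy_config(sample_config(fixed)) or "ok")
```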