<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 7 April 2016 at 17:36, Chris Pitman <span dir="ltr"><<a href="mailto:cpitman@redhat.com" target="_blank">cpitman@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Isn't that documentation for setting up keycloak behind a reverse proxy? I have the keycloak appliance setup already, and can execute an OAuth flow *as long as the redirect_uri passed by the application is correct*.<br></blockquote><div><br></div><div>Yep you're right, I was a bit hasty with that reply. Sorry.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
The problem is that the Keycloak Proxy is passing the wrong redirect_uri to keycloak. HTTPD is passing the x-forwarded-proto header to the proxy. And I don't believe the proxy has a configuration file where you can modify the undertow configuration. The only configuration I am aware of for the proxy is documented here: <a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/proxy.html#d4e3464" rel="noreferrer" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/proxy.html#d4e3464</a></blockquote><div><br></div><div>Can't really help you there, I've got no clue about the Keycloak Proxy</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
Am I missing something?<br>
<div class="HOEnZb"><div class="h5"><br>
----- Original Message -----<br>
> <a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e397" rel="noreferrer" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e397</a><br>
><br>
> On 7 April 2016 at 06:24, Chris Pitman <<a href="mailto:cpitman@redhat.com">cpitman@redhat.com</a>> wrote:<br>
><br>
> > Hey everyone,<br>
> ><br>
> > I'm trying to setup Keycloak Proxy to protect access to a legacy<br>
> > application. Right now we have HTTPD setup as a reverse proxy that<br>
> > terminates TLS and then passes through the request via HTTP to the legacy<br>
> > app. What I want to do is put the Keycloak Proxy in between HTTPD and the<br>
> > app.<br>
> ><br>
> > I've got it running, but the problem is the URL the proxy passes as the<br>
> > redirect url to keycloak. It is passing an "http://" url, which then<br>
> > doesn't match the configured redirect_urls in Keycloak. I'm assuming it<br>
> > does this since I'm using the HTTP port on the proxy.<br>
> ><br>
> > How can I get Keycloak Proxy to pass a redirect url with a "https://"<br>
> > scheme, even when not connecting via https to the proxy itself?<br>
> ><br>
> > Thanks,<br>
> > Chris Pitman<br>
> > Architect, Red Hat Consulting<br>
> ><br>
> ><br>
><br>
</div></div></blockquote></div><br></div></div>
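<p>The failure described in this thread, as an added example that is not part of the original messages and is not Keycloak Proxy code: a component behind a TLS-terminating reverse proxy builds the redirect_uri from its own plain-HTTP connection unless it honours X-Forwarded-Proto, and it should honour that header only when the request comes from the known proxy. The host name, the proxy subnet and the function names are assumptions, and the registered-URI check is a simplified exact-or-trailing-wildcard match.</p>

```python
import ipaddress
from urllib.parse import urlunsplit

# Constructed value: the subnet the TLS-terminating HTTPD connects from.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def external_scheme(peer_ip, headers, connection_scheme="http"):
    """Return the scheme the browser used.

    X-Forwarded-Proto is honoured only when the direct peer is a trusted
    proxy; any other client could set the header itself.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return connection_scheme
    lowered = {k.lower(): v for k, v in headers.items()}
    proto = lowered.get("x-forwarded-proto", "").strip().lower()
    # Accept only the two expected values; anything else falls back.
    return proto if proto in ("http", "https") else connection_scheme


def build_redirect_uri(peer_ip, headers, host, path):
    """Build the redirect_uri sent to the identity provider."""
    return urlunsplit((external_scheme(peer_ip, headers), host, path, "", ""))


def matches_registered(uri, registered):
    """Simplified check: exact match, or prefix match for a trailing '*'."""
    for pattern in registered:
        if pattern.endswith("*"):
            if uri.startswith(pattern[:-1]):
                return True
        elif uri == pattern:
            return True
    return False


if __name__ == "__main__":
    registered = ["https://app.example.com/*"]  # constructed client setting
    fwd = {"X-Forwarded-Proto": "https"}
    # Header ignored: the mismatch reported in the thread.
    broken = build_redirect_uri("10.0.0.5", {}, "app.example.com", "/legacy/")
    # Header honoured from the trusted HTTPD address.
    fixed = build_redirect_uri("10.0.0.5", fwd, "app.example.com", "/legacy/")
    # Same header from an untrusted address is not believed.
    spoofed = build_redirect_uri("203.0.113.9", fwd, "app.example.com", "/legacy/")
    for label, uri in (("broken", broken), ("fixed", fixed), ("spoofed", spoofed)):
        print(label, uri, matches_registered(uri, registered))
```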