<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hello Scott,</p>
<p>I've got the spring security and tomcat keycloak adapters both as
a project dependency for each service (as I'm running the services
in Tomcat 8 embedded servers). Basically I want to base my
security in Spring Security, that's why I chose this adapter over
the Spring Boot adapter.</p>
<p>As the behaviour states, a redirection is made first to the
/sso/login endpoint, then other one to the keycloak authorization
server. The question is, as a redirection is a mere instruction
stated from the server to the browser, which chances do I have to
send the original x-forwarded headers to the keycloak
authorization server, so that it can make the redirection to the
url requested at the very beginning (to the reverse proxy)?</p>
<p>I could implement a playground scenario for you if you happen to
require it.</p>
<p>Many thanks<br>
</p>
<br>
<div class="moz-cite-prefix">31/05/2016 20:14(e)an, Scott Rossillo
igorleak idatzi zuen:<br>
</div>
<blockquote
cite="mid:D8C74651-F010-49A7-92AF-3A771D68C560@smartling.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
Hi Artiz,
<div class=""><br class="">
</div>
<div class="">So just to be clear, which Keycloak adapter are you
using? The Spring Boot Adapter or the Spring Security Adapter?</div>
<div class=""><br class="">
<div class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
word-wrap: break-word; -webkit-nbsp-mode: space;
-webkit-line-break: after-white-space;" class="">
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px;" class="">Scott
Rossillo</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px;" class="">Smartling |
Senior Software Engineer</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px;" class=""><a
moz-do-not-send="true"
href="mailto:srossillo@smartling.com" class=""><a class="moz-txt-link-abbreviated" href="mailto:srossillo@smartling.com">srossillo@smartling.com</a></a></div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px;" class="">
</div>
</div>
</div>
<br class="">
<div>
<blockquote type="cite" class="">
<div class="">On May 31, 2016, at 3:13 AM, Aritz Maeztu <<a
moz-do-not-send="true"
href="mailto:amaeztu@tesicnor.com" class=""><a class="moz-txt-link-abbreviated" href="mailto:amaeztu@tesicnor.com">amaeztu@tesicnor.com</a></a>>
wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<p style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">I've got
some Spring Boot application instances with embeded
Tomcat servlet containers. Tomcat has a similar system
to Wildfly for request dumpering, that's what I have
enabled for getting the trace below. In short words
that's the behaviour I'm able to see:<span
class="Apple-converted-space"> </span><br class="">
</p>
<p style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">1. Zuul
Proxy (Spring Boot in Tomcat) -> Organization Service
(8083 port) : A forward request where X-forwarded
headers are included</p>
<p style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">2.
Organization Service (localhost:8083) : Looks for a
token and if it's not available, the keycloak adapter
redirects to the /sso/login of the same service (Here
the traceability from the proxy gets losts)</p>
<p style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">3.
localhost:8083/sso/login: Redirects to the keycloak
wildfly server, saving the requested url<span
class="Apple-converted-space"> </span><br class="">
</p>
<p style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">4.
Keycloak login: The user performs the authentication and
the redirectUri is localhost:8083/sso/login. Later on,
the login endpoint redirects the user to the url
requested in point 2, not the first one from the proxy.</p>
<p style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">I only
have this problem when my organization service needs to
verify the token (or a token doesn't exist) using the
keycloak adapter. When the /sso/login endpoint is not
requested, everything is working properly. Hope I've
explained it well!<br class="">
</p>
<br style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">
<div class="moz-cite-prefix" style="font-family:
Helvetica; font-size: 12px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; orphans: auto; text-align:
start; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color:
rgb(255, 255, 255);">31/05/2016 7:15(e)an, Stian
Thorgersen igorleak idatzi zuen:<br class="">
</div>
<blockquote
cite="mid:CAJgngAfQUcz1hJwqkpOgr3j9DCxfxdgc_iA73Coyfc7j1EnLJQ@mail.gmail.com"
type="cite" style="font-family: Helvetica; font-size:
12px; font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">
<div dir="ltr" class="">Where is your app deployed? If
it's on WildFly you can follow the same steps used to
configure reverse proxy for Keycloak Server to
configure WildFly. Check if getRequestURL returns the
correct URL in your app.</div>
<div class="gmail_extra"><br class="">
<div class="gmail_quote">On 30 May 2016 at 15:08,
Aritz Maeztu<span class="Apple-converted-space"> </span><span
dir="ltr" class=""><<a moz-do-not-send="true"
href="mailto:amaeztu@tesicnor.com"
target="_blank" class="">amaeztu@tesicnor.com</a>></span><span
class="Apple-converted-space"> </span>wrote:<br
class="">
<blockquote class="gmail_quote" style="margin: 0px
0px 0px 0.8ex; border-left-width: 1px;
border-left-color: rgb(204, 204, 204);
border-left-style: solid; padding-left: 1ex;">
<div bgcolor="#FFFFFF" text="#000000" class="">
<p class=""><br class="">
</p>
<div class=""><br class="">
<br class="">
-------- Birbidalitako mezua --------
<table class="" border="0" cellpadding="0"
cellspacing="0">
<tbody class="">
<tr class="">
<th class="" align="RIGHT"
nowrap="nowrap" valign="BASELINE">Gaia:</th>
<td class="">Re: [keycloak-user]
Redirection issue with proxy behind
keycloak</td>
</tr>
<tr class="">
<th class="" align="RIGHT"
nowrap="nowrap" valign="BASELINE">Data:</th>
<td class="">Mon, 30 May 2016 13:28:21
+0200</td>
</tr>
<tr class="">
<th class="" align="RIGHT"
nowrap="nowrap" valign="BASELINE">Nork:</th>
<td class="">Aritz Maeztu<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="mailto:amaeztu@tesicnor.com"
target="_blank" class=""><a class="moz-txt-link-rfc2396E" href="mailto:amaeztu@tesicnor.com"><amaeztu@tesicnor.com></a></a></td>
</tr>
<tr class="">
<th class="" align="RIGHT"
nowrap="nowrap" valign="BASELINE">Nori:</th>
<td class=""><a moz-do-not-send="true"
href="mailto:stian@redhat.com"
target="_blank" class="">stian@redhat.com</a></td>
</tr>
<tr class="">
<th class="" align="RIGHT"
nowrap="nowrap" valign="BASELINE">CC:</th>
<td class="">Niels Bertram<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="mailto:nielsbne@gmail.com"
target="_blank" class=""><a class="moz-txt-link-rfc2396E" href="mailto:nielsbne@gmail.com"><nielsbne@gmail.com></a></a>,
keycloak-user<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org"
target="_blank" class=""><a class="moz-txt-link-rfc2396E" href="mailto:keycloak-user@lists.jboss.org"><keycloak-user@lists.jboss.org></a></a>,
Scott Rossillo<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="mailto:srossillo@smartling.com"
target="_blank" class=""><a class="moz-txt-link-rfc2396E" href="mailto:srossillo@smartling.com"><srossillo@smartling.com></a></a></td>
</tr>
</tbody>
</table>
<div class="">
<div class="h5"><br class="">
<br class="">
<p class="">I've done all the traceability
from the proxy server till the login
page is displayed:</p>
<p class="">First step,
/organization/organizations is
requested, so the proxy server knows it
has to be forwarded to the 8083 port
(the one for the organization service).
That's the first request received by my
application's Tomcat:</p>
<p class=""><font class="" face="Courier
New" size="-2">2016-05-30
13:01:18.888 INFO 18096 ---
[nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9 START
TIME =30-may-2016 13:01:18<br
class="">
2016-05-30 13:01:18.888 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
requestURI=/organizations<br class="">
2016-05-30 13:01:18.888 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
authType=null<br class="">
2016-05-30 13:01:18.888 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
characterEncoding=UTF-8<br class="">
2016-05-30 13:01:18.888 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
contentLength=-1<br class="">
2016-05-30 13:01:18.888 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
contentType=null<br class="">
2016-05-30 13:01:18.888 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
contextPath=<br class="">
2016-05-30 13:01:18.888 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
header=accept-language=es-ES,es;q=0.8<br
class="">
2016-05-30 13:01:18.888 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
header=x-forwarded-host=mies-057:8765<br
class="">
2016-05-30 13:01:18.888 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
header=x-forwarded-prefix=/organization<br
class="">
2016-05-30 13:01:18.888 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
header=upgrade-insecure-requests=1<br
class="">
2016-05-30 13:01:18.888 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
header=accept-encoding=gzip<br
class="">
2016-05-30 13:01:18.888 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
header=accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8<br
class="">
2016-05-30 13:01:18.889 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
header=user-agent=Mozilla/5.0 (Windows
NT 6.1; WOW64) AppleWebKit/537.36
(KHTML, like Gecko)
Chrome/50.0.2661.102 Safari/537.36<br
class="">
2016-05-30 13:01:18.889 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
header=netflix.nfhttpclient.version=1.0<br
class="">
2016-05-30 13:01:18.889 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
header=x-netflix-httpclientname=organization<br
class="">
2016-05-30 13:01:18.889 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
header=host=mies-057:8083<br class="">
2016-05-30 13:01:18.889 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
header=connection=Keep-Alive<br
class="">
2016-05-30 13:01:18.889 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
locale=es_ES<br class="">
2016-05-30 13:01:18.889 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
method=GET<br class="">
2016-05-30 13:01:18.889 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
pathInfo=null<br class="">
2016-05-30 13:01:18.889 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
protocol=HTTP/1.1<br class="">
2016-05-30 13:01:18.889 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
queryString=null<br class="">
2016-05-30 13:01:18.889 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
remoteAddr=192.168.56.1<br class="">
2016-05-30 13:01:18.889 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
remoteHost=192.168.56.1<br class="">
2016-05-30 13:01:18.889 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
remoteUser=null<br class="">
2016-05-30 13:01:18.890 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
requestedSessionId=null<br class="">
2016-05-30 13:01:18.890 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
scheme=http<br class="">
2016-05-30 13:01:18.890 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
serverName=mies-057<br class="">
2016-05-30 13:01:18.890 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
serverPort=8083<br class="">
2016-05-30 13:01:18.890 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
servletPath=/organizations<br class="">
2016-05-30 13:01:18.891 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
isSecure=false<br class="">
2016-05-30 13:01:18.891 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
------------------=--------------------------------------------</font></p>
<p class="">Here x-forwarded-host is
mies-057:8765 (the proxy server) and
x-forwarded-prefix is /organization. So
the original request is kept in the
headers. Well, now my service (8083)
tries to check for authorization via the
/sso/login endpoint from the keycloak
spring security adapter:<br class="">
</p>
<p class=""><font class="" face="Courier
New" size="-2">2016-05-30 13:01:18.892
DEBUG 18096 --- [nio-8083-exec-9]
o.k.a.s.management.HttpSessionManager
: Session created:
CDCA7AD4439DE94BD0B3B5803DAA0752<br
class="">
2016-05-30 13:01:18.892 DEBUG 18096
--- [nio-8083-exec-9]
k.a.s.a.KeycloakAuthenticationEntryPoint
: Redirecting to login URI /sso/login<br
class="">
2016-05-30 13:01:18.892 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
------------------=--------------------------------------------<br
class="">
2016-05-30 13:01:18.892 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
authType=null<br class="">
2016-05-30 13:01:18.892 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
contentType=null<br class="">
2016-05-30 13:01:18.892 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
header=X-Content-Type-Options=nosniff<br
class="">
2016-05-30 13:01:18.892 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
header=X-XSS-Protection=1; mode=block<br
class="">
2016-05-30 13:01:18.892 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
header=Cache-Control=no-cache,
no-store, max-age=0, must-revalidate<br
class="">
2016-05-30 13:01:18.892 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
header=Pragma=no-cache<br class="">
2016-05-30 13:01:18.892 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
header=Expires=0<br class="">
2016-05-30 13:01:18.893 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
header=X-Frame-Options=DENY<br
class="">
2016-05-30 13:01:18.893 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
header=Set-Cookie=JSESSIONID=CDCA7AD4439DE94BD0B3B5803DAA0752;
Path=/; HttpOnly<br class="">
2016-05-30 13:01:18.893 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
header=Location=<a
moz-do-not-send="true"
href="http://mies-057:8083/sso/login"
target="_blank" class=""><a class="moz-txt-link-freetext" href="http://mies-057:8083/sso/login">http://mies-057:8083/sso/login</a></a><br
class="">
2016-05-30 13:01:18.893 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
remoteUser=null<br class="">
2016-05-30 13:01:18.893 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
status=302<br class="">
2016-05-30 13:01:18.893 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9 END
TIME =30-may-2016 13:01:18<br
class="">
2016-05-30 13:01:18.893 INFO 18096
--- [nio-8083-exec-9]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-9
===============================================================<br
class="">
2016-05-30 13:01:18.902 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10 START
TIME =30-may-2016 13:01:18<br
class="">
2016-05-30 13:01:18.902 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
requestURI=/sso/login<br class="">
2016-05-30 13:01:18.902 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
authType=null<br class="">
2016-05-30 13:01:18.902 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
characterEncoding=UTF-8<br class="">
2016-05-30 13:01:18.902 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
contentLength=-1<br class="">
2016-05-30 13:01:18.902 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
contentType=null<br class="">
2016-05-30 13:01:18.902 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
contextPath=<br class="">
2016-05-30 13:01:18.902 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
cookie=JSESSIONID=CDCA7AD4439DE94BD0B3B5803DAA0752<br
class="">
2016-05-30 13:01:18.902 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
header=host=mies-057:8083<br class="">
2016-05-30 13:01:18.903 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
header=connection=keep-alive<br
class="">
2016-05-30 13:01:18.903 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
header=accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8<br
class="">
2016-05-30 13:01:18.903 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
header=upgrade-insecure-requests=1<br
class="">
2016-05-30 13:01:18.903 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
header=user-agent=Mozilla/5.0 (Windows
NT 6.1; WOW64) AppleWebKit/537.36
(KHTML, like Gecko)
Chrome/50.0.2661.102 Safari/537.36<br
class="">
2016-05-30 13:01:18.903 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
header=accept-encoding=gzip, deflate,
sdch<br class="">
2016-05-30 13:01:18.903 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
header=accept-language=es-ES,es;q=0.8<br
class="">
2016-05-30 13:01:18.903 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
header=cookie=JSESSIONID=CDCA7AD4439DE94BD0B3B5803DAA0752<br
class="">
2016-05-30 13:01:18.903 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
locale=es_ES<br class="">
2016-05-30 13:01:18.903 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
method=GET<br class="">
2016-05-30 13:01:18.903 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
pathInfo=null<br class="">
2016-05-30 13:01:18.903 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
protocol=HTTP/1.1<br class="">
2016-05-30 13:01:18.904 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
queryString=null<br class="">
2016-05-30 13:01:18.904 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
remoteAddr=192.168.56.1<br class="">
2016-05-30 13:01:18.904 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
remoteHost=192.168.56.1<br class="">
2016-05-30 13:01:18.904 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
remoteUser=null<br class="">
2016-05-30 13:01:18.904 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
requestedSessionId=CDCA7AD4439DE94BD0B3B5803DAA0752<br
class="">
2016-05-30 13:01:18.904 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
scheme=http<br class="">
2016-05-30 13:01:18.904 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
serverName=mies-057<br class="">
2016-05-30 13:01:18.904 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
serverPort=8083<br class="">
2016-05-30 13:01:18.904 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
servletPath=/sso/login<br class="">
2016-05-30 13:01:18.904 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
isSecure=false<br class="">
2016-05-30 13:01:18.904 INFO 18096
--- [io-8083-exec-10]
o.a.c.filters.RequestDumperFilter
: http-nio-8083-exec-10
------------------=--------------------------------------------<br
class="">
2016-05-30 13:01:18.904 DEBUG 18096
--- [io-8083-exec-10]
o.k.adapters.PreAuthActionsHandler
: adminRequest<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="http://mies-057:8083/sso/login"
target="_blank" class=""><a class="moz-txt-link-freetext" href="http://mies-057:8083/sso/login">http://mies-057:8083/sso/login</a></a><br
class="">
2016-05-30 13:01:18.904 DEBUG 18096
--- [io-8083-exec-10]
f.KeycloakAuthenticationProcessingFilter
: Request is to process authentication<br
class="">
2016-05-30 13:01:18.904 DEBUG 18096
--- [io-8083-exec-10]
f.KeycloakAuthenticationProcessingFilter
: Attempting Keycloak authentication<br
class="">
2016-05-30 13:01:18.904 TRACE 18096
--- [io-8083-exec-10]
o.k.adapters.RequestAuthenticator
: --> authenticate()<br class="">
2016-05-30 13:01:18.904 TRACE 18096
--- [io-8083-exec-10]
o.k.adapters.RequestAuthenticator
: try bearer<br class="">
2016-05-30 13:01:18.904 TRACE 18096
--- [io-8083-exec-10]
o.k.adapters.RequestAuthenticator
: try oauth<br class="">
2016-05-30 13:01:18.905 DEBUG 18096
--- [io-8083-exec-10]
o.k.a.s.token.SpringSecurityTokenStore
: Checking if
org.keycloak.adapters.springsecurity.authentication.SpringSecurityRequestAuthenticator@d328c2d
is cached<br class="">
2016-05-30 13:01:18.905 DEBUG 18096
--- [io-8083-exec-10]
o.k.adapters.OAuthRequestAuthenticator
: there was no code<br class="">
2016-05-30 13:01:18.905 DEBUG 18096
--- [io-8083-exec-10]
o.k.adapters.OAuthRequestAuthenticator
: redirecting to auth server<br
class="">
2016-05-30 13:01:18.905 DEBUG 18096
--- [io-8083-exec-10]
o.k.adapters.OAuthRequestAuthenticator
: callback uri:<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="http://mies-057:8083/sso/login"
target="_blank" class=""><a class="moz-txt-link-freetext" href="http://mies-057:8083/sso/login">http://mies-057:8083/sso/login</a></a><br
class="">
2016-05-30 13:01:18.905 DEBUG 18096
--- [io-8083-exec-10]
f.KeycloakAuthenticationProcessingFilter
: Auth outcome: NOT_ATTEMPTED<br
class="">
2016-05-30 13:01:18.905 DEBUG 18096
--- [io-8083-exec-10]
o.k.adapters.OAuthRequestAuthenticator
: Sending redirect to login page:<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://mies-057.tesicnor.com:8080/auth/realms/master/protocol/openid-connect/auth?response_type=code&client_id=organization&redirect_uri=http%3A%2F%2Fmies-057%3A8083%2Fsso%2Flogin&state=1%2F21d709ec-1e69-41c5-ac6d-c705f8ce3907&login=true"><a class="moz-txt-link-freetext" href="http://mies-057.tesicnor.com:8080/auth/realms/master/protocol/openid-connect/auth?response_type=code&client_id=organization&redirect_uri=http%3A%2F%2Fmies-057%3A8083%2Fsso%2Flogin&state=1%2F21d709ec-1e69-41c5-ac6d-c705f8ce3907&login=true">http://mies-057.tesicnor.com:8080/auth/realms/master/protocol/openid-connect/auth?response_type=code&client_id=organization&redirect_uri=http%3A%2F%2Fmies-057%3A8083%2Fsso%2Flogin&state=1%2F21d709ec-1e69-41c5-ac6d-c705f8ce3907&login=true</a></a></font></p>
<p class="">As it's shown in the logs, the
X-forwarded logs are not kept by the
keycloak adapter (look at the lines
below<span class="Apple-converted-space"> </span><font
class="" face="Courier New" size="-2">k.a.s.a.KeycloakAuthenticationEntryPoint
: Redirecting to login URI /sso/login</font>).
So could it be the proxy server itself
being properly configured but the
keycloak adapter losing the original
headers while performing the
redirection?</p>
<p class="">I've also set up the request
dumper in the undertow server as Niels
suggested, but obviously, X-forwarded
headers are not reaching the keycloak
server..</p>
<p class="">Thanks for your time, again
;-)<br class="">
</p>
<p class=""><br class="">
</p>
<br class="">
<div class="">25/05/2016 7:22(e)an, Stian
Thorgersen igorleak idatzi zuen:<br
class="">
</div>
<blockquote type="cite" class="">
<div dir="ltr" class="">You need the
Host and X-Forwarded-For headers to be
included and there's also some config
to be done on the Keycloak server
(see <a moz-do-not-send="true"
href="http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#proxy-address-forwarding"
target="_blank" class="">http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#proxy-address-forwarding</a>)</div>
<div class="gmail_extra"><br class="">
<div class="gmail_quote">On 24 May
2016 at 08:46, Aritz Maeztu<span
class="Apple-converted-space"> </span><span
dir="ltr" class=""><<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:amaeztu@tesicnor.com"><a class="moz-txt-link-abbreviated" href="mailto:amaeztu@tesicnor.com">amaeztu@tesicnor.com</a></a>></span><span
class="Apple-converted-space"> </span>wrote:<br
class="">
<blockquote class="gmail_quote"
style="margin: 0px 0px 0px 0.8ex;
border-left-width: 1px;
border-left-color: rgb(204, 204,
204); border-left-style: solid;
padding-left: 1ex;">
<div bgcolor="#FFFFFF"
text="#000000" class="">
<p class="">Hi Niels and Scott.
First of all, thank you very
much for your help. I'm
currently using Zuul (Spring
Cloud) as the reverse proxy.
All the services are
registered in a discovery
service called Eureka and then
Zuul looks for the service id
there and performs de
redirection. I read about<span
class="Apple-converted-space"> </span><font class="" face="monospace,
monospace">X-Forwarded
headers, but I thought it
might result in a security
issue if not included, not
that it could affect the
redirection process.<span
class="Apple-converted-space"> </span><br
class="">
</font></p>
<p class=""><font class=""
face="monospace, monospace">As
Scott says, I suppose the
Host and the X-Real-Ip
headers are the relevant
ones here, so I guess I
should instruct Zuul to send
them when the service is
addressed (however I wonder
why they are not already
being sent, as Zuul is a
proxy service, all in all).</font></p>
Here I include a preview of the
first redirection made to the
keycloak login page, which shows
the request headers sent to the
service /login endpoint (at port
8081 in localhost):<br class="">
<br class="">
<a moz-do-not-send="true"
href="https://www.dropbox.com/s/iof9yefytzay6j2/screenshot.PNG?dl=0"
target="_blank" class="">https://www.dropbox.com/s/iof9yefytzay6j2/screenshot.PNG?dl=0</a><br
class="">
<br class="">
<div class="">24/05/2016
2:08(e)an, Niels Bertram
igorleak idatzi zuen:<br
class="">
</div>
<div class="">
<div class="">
<blockquote type="cite"
class="">
<div dir="ltr" class="">Hi
Artitz,
<div class=""><br
class="">
</div>
<div class="">a great
way to figure out what
is sent from the
reverse proxy to your
keycloak server is to
use the undertow
request dumper.
<div class=""><br
class="">
</div>
<div class="">From the
jboss-cli just add
the request dumper
filter to your
undertow
configuration like
this:</div>
<div class=""><br
class="">
</div>
<div class="">
<div class=""><font
class=""
face="monospace,
monospace">$KC_HOME/bin/jbpss-cli.sh
-c</font></div>
<div class=""><font
class=""
face="monospace,
monospace"><br
class="">
</font></div>
<div class=""><font
class=""
face="monospace,
monospace">/subsystem=undertow/configuration=filter/custom-filter=request-dumper:add(class-name=io.undertow.server.handlers.RequestDumpingHandler,
module=io.undertow.core)</font></div>
<div class=""><font
class=""
face="monospace,
monospace"><br
class="">
</font></div>
<div class=""><font
class=""
face="monospace,
monospace">/subsystem=undertow/server=default-server/host=default-host/filter-ref=request-dumper:add</font></div>
<div class=""><font
class=""
face="monospace,
monospace"><br
class="">
</font></div>
<div class=""><font
class=""
face="monospace,
monospace">/:reload</font></div>
<div class=""><font
class=""
face="monospace,
monospace"><br
class="">
</font></div>
<div class=""><font
class=""
face="arial,
helvetica,
sans-serif">given
your apache
config looks
something like
this:</font></div>
<div class=""><font
class=""
face="monospace,
monospace"><br
class="">
</font></div>
<div class=""><font
class=""
face="monospace,
monospace"> <span
class="Apple-converted-space"> </span>ProxyRequests Off</font></div>
<div class=""><font
class=""
face="monospace,
monospace"> <span
class="Apple-converted-space"> </span>ProxyPreserveHost On</font></div>
<div class=""><font
class=""
face="monospace,
monospace"> <span
class="Apple-converted-space"> </span>ProxyVia On</font></div>
<div class=""><br
class="">
</div>
<div class=""><font
class=""
face="monospace,
monospace"> <span
class="Apple-converted-space"> </span>ProxyPass /auth ajp://<a
moz-do-not-send="true"
href="http://127.0.0.1:8009/auth" target="_blank" class="">127.0.0.1:8009/auth</a></font></div>
<div class=""><font
class=""
face="monospace,
monospace"> <span
class="Apple-converted-space"> </span>ProxyPassReverse /auth ajp://<a
moz-do-not-send="true"
href="http://127.0.0.1:8009/auth" target="_blank" class="">127.0.0.1:8009/auth</a></font></div>
<div class=""><font
class=""
face="monospace,
monospace"><br
class="">
</font></div>
<div class=""><font
class=""
face="monospace,
monospace"><br
class="">
</font></div>
<div class=""><font
class=""
face="arial,
helvetica,
sans-serif">you
should see
something like
that (forwared
info is somewhat
rubbish in this
example as I am
running the
hosts on
Virtualbox - but
you can see this
request was put
through 2
proxies from
local pc
192.168.33.1 to
haproxy on
192.168.33.80
and then apache
reverse proxy on
192.168.33.81 ):</font></div>
<div class=""><font
class=""
face="arial,
helvetica,
sans-serif"><br
class="">
</font></div>
<div class=""><font
class=""
face="monospace,
monospace">==============================================================</font></div>
<div class=""><font
class=""
face="monospace,
monospace">23:47:20,563
INFO
[io.undertow.request.dump]
(default
task-14)</font></div>
<div class=""><font
class=""
face="monospace,
monospace">----------------------------REQUEST---------------------------</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
URI=/auth/welcome-content/favicon.ico</font></div>
<div class=""><font
class=""
face="monospace,
monospace"> characterEncoding=null</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
contentLength=-1</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
contentType=null</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Accept=*/*</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Accept-Language=en-US,en;q=0.8,de;q=0.6</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Cache-Control=no-cache</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Accept-Encoding=gzip,
deflate, sdch</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=DNT=1</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Pragma=no-cache</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=X-Original-To=192.168.33.80</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=User-Agent=Mozilla/5.0
(Windows NT 6.1;
WOW64)
AppleWebKit/537.36
(KHTML, like
Gecko)
Chrome/50.0.2661.102
Safari/537.36</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Authorization=Basic
bmljZSB0cnkgYnV0IGFtIG5vdCBmcm9tIHllc3RlcmRheQo=</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=X-Forwarded-Proto=https</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=X-Forwarded-Port=443</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=X-Forwarded-For=192.168.33.1</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Referer=<a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://login.vagrant.dev/auth/"><a class="moz-txt-link-freetext" href="https://login.vagrant.dev/auth/">https://login.vagrant.dev/auth/</a></a></font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Host=login.vagrant.dev</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>locale=[en_US,
en, de]</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>method=GET</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>protocol=HTTP/1.1</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
queryString=</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>remoteAddr=<a
moz-do-not-send="true" href="http://192.168.33.1:0/" target="_blank"
class="">192.168.33.1:0</a></font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>remoteHost=192.168.33.1</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>scheme=https</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>host=login.vagrant.dev</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>serverPort=443</font></div>
<div class=""><font
class=""
face="monospace,
monospace">--------------------------RESPONSE--------------------------</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
contentLength=627</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
contentType=application/octet-stream</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Cache-Control=max-age=2592000</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=X-Powered-By=Undertow/1</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Server=WildFly/10</font></div>
</div>
<div class=""><br
class="">
</div>
<div class=""><br
class="">
</div>
<div class="">Hope
this helps
diagnosing your
issue. Niels</div>
</div>
</div>
<div class="gmail_extra"><br
class="">
<div class="gmail_quote">On
Tue, May 24, 2016 at
1:20 AM, Aritz Maeztu<span
class="Apple-converted-space"> </span><span dir="ltr" class=""><<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:amaeztu@tesicnor.com"><a class="moz-txt-link-abbreviated" href="mailto:amaeztu@tesicnor.com">amaeztu@tesicnor.com</a></a>></span><span
class="Apple-converted-space"> </span>wrote:<br class="">
<blockquote
class="gmail_quote"
style="margin: 0px
0px 0px 0.8ex;
border-left-width:
1px;
border-left-color:
rgb(204, 204, 204);
border-left-style:
solid; padding-left:
1ex;">
<div
bgcolor="#FFFFFF"
text="#000000"
class="">
<p class="">I'm
using keycloak
to securize some
Spring based
services (with
the keycloak
spring security
adapter). The
adapter creates
a `/login`
endpoint in each
of the services
which redirects
to the keycloak
login page and
then redirects
back to the
service when
authentication
is done. I also
have a proxy
service which I
want to publish
in the 80 port
and will take
care of routing
all the requests
to each service.
The proxy
performs a plain
FORWARD to the
service, but the
problem comes
when I securize
the service with
the keycloak
adapter.<span
class="Apple-converted-space"> </span><br
class="">
</p>
<p class="">When I
make a request,
the adapter
redirects to its
login endpoint
and then to the
keycloak auth
url. When
keycloak sends
the redirection,
the url shown in
the browser is
the one from the
service and not
the one from the
proxy. Do I have
some choice to
tell the adapter
I want to
redirect back to
the first
requested url?<span
class=""><font
class=""
color="#888888"><br
class="">
</font></span></p>
<span class=""><font
class=""
color="#888888"><br
class="">
<div class="">--<span
class="Apple-converted-space"> </span><br class="">
<div class="">
<table
style="width:
600px;
border-collapse:
collapse;"
class="">
<tbody
class="">
<tr class="">
<td
style="border-bottom-width:
1px;
border-bottom-style:
solid;
border-bottom-color:
rgb(152, 152,
152);"
class=""><span
style="font-weight: bold;" class="">Aritz Maeztu Otaño</span><br
class="">
<span
style="font-size:
12px;"
class="">Departamento
Desarrollo de
Software</span></td>
<td
style="border-bottom-width:
1px;
border-bottom-style:
solid;
border-bottom-color:
rgb(152, 152,
152);
padding-left:
20px;"
class=""><a
moz-do-not-send="true"
href="https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES"
target="_blank" class=""><span
id="cid:part19.56DB68FA.497140B7@tesicnor.com"><Mail
Attachment.gif></span></a></td>
</tr>
<tr class="">
<td class=""><a
moz-do-not-send="true" href="http://www.tesicnor.com/" target="_blank"
class=""><span
id="cid:part21.58E351AA.F2ED0CD9@tesicnor.com"><Mail
Attachment.png></span></a></td>
<td
style="font-size:
12px;"
class="">
<p
style="padding-left:
20px;"
class=""><span
class="">Pol.
Ind. Mocholi.</span><span
class="Apple-converted-space"> </span><span class="">C/Rio Elorz, Nave
13E<span
class="Apple-converted-space"> </span></span><span
style="font-weight: bold;" class="">31110 Noain (Navarra)</span><br
class="">
<span class="">Telf.:
948 21 40 40</span><span
class="Apple-converted-space"> </span><br class="">
<span class="">Fax.:
948 21 40 41</span><span
class="Apple-converted-space"> </span><br class="">
</p>
</td>
</tr>
<tr class="">
<td
colspan="2"
class=""><span
style="color:
rgb(0, 153,
0); font-size:
12px;"
class="">Antes
de imprimir
este e-mail
piense bien si
es necesario
hacerlo: El
medioambiente
es cosa de
todos.</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</font></span></div>
<br class="">
_______________________________________________<br class="">
keycloak-user
mailing list<br
class="">
<a
moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org" target="_blank" class=""><a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a></a><br
class="">
<a
moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer"
target="_blank"
class=""><a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></a><br
class="">
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<br class="">
<div class="">--<span
class="Apple-converted-space"> </span><br
class="">
<div class="">
<table style="width:
600px;
border-collapse:
collapse;" class="">
<tbody class="">
<tr class="">
<td
style="border-bottom-width:
1px;
border-bottom-style:
solid;
border-bottom-color:
rgb(152, 152,
152);" class=""><span
style="font-weight: bold;" class="">Aritz Maeztu Otaño</span><br
class="">
<span
style="font-size:
12px;"
class="">Departamento
Desarrollo de
Software</span></td>
<td
style="border-bottom-width:
1px;
border-bottom-style:
solid;
border-bottom-color:
rgb(152, 152,
152);
padding-left:
20px;" class=""><a
moz-do-not-send="true"
href="https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES"
target="_blank" class=""><span
id="cid:part25.2C9B09F3.39D2312E@tesicnor.com"><Mail
Attachment.gif></span></a></td>
</tr>
<tr class="">
<td class=""><a
moz-do-not-send="true"
href="http://www.tesicnor.com/" target="_blank" class=""><span
id="cid:part27.32F0155C.797C1982@tesicnor.com"><Mail
Attachment.png></span></a></td>
<td
style="font-size:
12px;" class="">
<p
style="padding-left:
20px;"
class=""><span
class="">Pol.
Ind. Mocholi.</span><span
class="Apple-converted-space"> </span><span class="">C/Rio Elorz, Nave
13E<span
class="Apple-converted-space"> </span></span><span
style="font-weight: bold;" class="">31110 Noain (Navarra)</span><br
class="">
<span class="">Telf.:
948 21 40 40</span><span
class="Apple-converted-space"> </span><br class="">
<span class="">Fax.:
948 21 40 41</span><span
class="Apple-converted-space"> </span><br class="">
</p>
</td>
</tr>
<tr class="">
<td colspan="2"
class=""><span
style="color:
rgb(0, 153,
0); font-size:
12px;"
class="">Antes
de imprimir
este e-mail
piense bien si
es necesario
hacerlo: El
medioambiente
es cosa de
todos.</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
<br class="">
_______________________________________________<br class="">
keycloak-user mailing list<br
class="">
<a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org"
target="_blank" class="">keycloak-user@lists.jboss.org</a><br
class="">
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer" target="_blank"
class="">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br
class="">
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<br class="">
<div class="">--<span
class="Apple-converted-space"> </span><br
class="">
<div class="">
<table style="width: 600px;
border-collapse: collapse;" class="">
<tbody class="">
<tr class="">
<td style="border-bottom-width:
1px; border-bottom-style:
solid; border-bottom-color:
rgb(152, 152, 152);" class=""><span
style="font-weight: bold;"
class="">Aritz Maeztu Otaño</span><br
class="">
<span style="font-size: 12px;"
class="">Departamento
Desarrollo de Software</span></td>
<td style="border-bottom-width:
1px; border-bottom-style:
solid; border-bottom-color:
rgb(152, 152, 152);
padding-left: 20px;" class=""><a
moz-do-not-send="true"
href="https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES"
target="_blank" class=""><span
id="cid:part31.44462D60.3CB18DF8@tesicnor.com"><Mail
Attachment.gif></span></a></td>
</tr>
<tr class="">
<td class=""><a
moz-do-not-send="true"
href="http://www.tesicnor.com/"
target="_blank" class=""><span
id="cid:part33.A4B1AB31.24F4A888@tesicnor.com"><Mail
Attachment.png></span></a></td>
<td style="font-size: 12px;"
class="">
<p style="padding-left: 20px;"
class=""><span class="">Pol.
Ind. Mocholi.</span><span
class="Apple-converted-space"> </span><span class="">C/Rio Elorz, Nave
13E<span
class="Apple-converted-space"> </span></span><span
style="font-weight: bold;"
class="">31110 Noain
(Navarra)</span><br
class="">
<span class="">Telf.: 948 21
40 40</span><span
class="Apple-converted-space"> </span><br
class="">
<span class="">Fax.: 948 21
40 41</span><span
class="Apple-converted-space"> </span><br
class="">
</p>
</td>
</tr>
<tr class="">
<td colspan="2" class=""><span
style="color: rgb(0, 153,
0); font-size: 12px;"
class="">Antes de imprimir
este e-mail piense bien si
es necesario hacerlo: El
medioambiente es cosa de
todos.</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
</div>
<br class="">
_______________________________________________<br
class="">
keycloak-user mailing list<br class="">
<a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org"
class="">keycloak-user@lists.jboss.org</a><br
class="">
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer" target="_blank" class="">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br
class="">
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<br style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">
<div class="moz-signature" style="font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant-caps:
normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);">--<span
class="Apple-converted-space"> </span><br class="">
<div class="moz-signature">
<table style="width: 600px; border-collapse:
collapse;" class="">
<tbody class="">
<tr class="">
<td style="border-bottom-width: 1px;
border-bottom-style: solid;
border-bottom-color: rgb(152, 152, 152);"
class=""><span style="font-weight: bold;"
class="">Aritz Maeztu Otaño</span><br
class="">
<span style="font-size: 12px;" class="">Departamento
Desarrollo de Software</span></td>
<td style="border-bottom-width: 1px;
border-bottom-style: solid;
border-bottom-color: rgb(152, 152, 152);
padding-left: 20px;" class=""><a
moz-do-not-send="true" target="_blank"
href="https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES"
class=""><span
id="cid:part37.F59A5EDB.10D112D3@tesicnor.com"><linkdin.gif></span></a></td>
</tr>
<tr class="">
<td class=""><a moz-do-not-send="true"
target="_blank"
href="http://www.tesicnor.com/" class=""><span
id="cid:part39.C21A5AC2.3618B928@tesicnor.com"><logo.png></span></a></td>
<td style="font-size: 12px;" class="">
<p style="padding-left: 20px;" class=""><span
class="">Pol. Ind. Mocholi.</span><span
class="Apple-converted-space"> </span><span
class="">C/Rio Elorz, Nave 13E<span
class="Apple-converted-space"> </span></span><span
style="font-weight: bold;" class="">31110
Noain (Navarra)</span><br class="">
<span class="">Telf.: 948 21 40 40</span><span
class="Apple-converted-space"> </span><br
class="">
<span class="">Fax.: 948 21 40 41</span><span
class="Apple-converted-space"> </span><br
class="">
</p>
</td>
</tr>
<tr class="">
<td colspan="2" class=""><span style="color:
rgb(0, 153, 0); font-size: 12px;" class="">Antes
de imprimir este e-mail piense bien si es
necesario hacerlo: El medioambiente es cosa
de todos.</span></td>
</tr>
</tbody>
</table>
</div>
</div>
<span style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255); float: none;
display: inline !important;" class="">_______________________________________________</span><br
style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">
<span style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255); float: none;
display: inline !important;" class="">keycloak-user
mailing list</span><br style="font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant-caps:
normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">
<a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org"
style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">keycloak-user@lists.jboss.org</a><br
style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></div>
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<br>
<br /><br />
<hr style='border:none; color:#909090; background-color:#B0B0B0; height: 1px; width: 99%;' />
<table style='border-collapse:collapse;border:none;'>
<tr>
<td style='border:none;padding:0px 15px 0px 8px'>
<a href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient">
<img border=0 src="http://static.avast.com/emails/avast-mail-stamp.png" alt="Avast logo" />
</a>
</td>
<td>
<p style='color:#3d4d5a; font-family:"Calibri","Verdana","Arial","Helvetica"; font-size:12pt;'>
El software de antivirus Avast ha analizado este correo electrónico en busca de virus.
<br><a href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient">www.avast.com</a>
</p>
</td>
</tr>
</table>
<br />
</body>
</html>