<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi all,</p>
<p>Good work with the sample project Scott, it's a proper isolated
code where we might easily see what's going on. My previous
problem was nearly solved, it only keeps happening with FF, when
user isn't logged in[0].<br>
</p>
<p>Scott, I've got no reason to avoid other traditional HTTP
proxies, all of this is because I'm a bit of newbie in this kind
of topics about distributed environments and having chosen the
Spring Cloud utility I thought I could implement everything I
needed using Zuul. So that's the design I was thinking in for
production:</p>
<p>Browser request -> Zuul proxy (80) -> UI Service (8099 and
accesses other services using the keycloak rest template) ->
Backbone services (80xx). They call each other using the keycloak
rest template<br>
</p>
<p>Mobile app request -> Zuul proxy (80) -> Backbone services
(80xx). They call each other using the keycloak rest template</p>
<p>I've declared each backbone service in Keycloak as confidential
because that way I can access the service directly through the
browser. Like you say, it might be a properer option to use
bearer-only access, but how could I deal with the UI Service? This
could be a choice according to what you say, not adding any other
proxy:</p>
<p>Browser request -> UI Service (80) -> Zuul proxy (8765)
-> Backbone services (80xx). They call each other using the
keycloak rest template</p>
<p>The only drawback I can think about this design is the case of
needing to have more UI replicas, I would need to manage them
myself? If I add a proxy on the top of it could I have it talking
with Eureka to know where the different instances of the UI
Service are?<br>
</p>
<p>Thanks!<br>
</p>
<p><br>
</p>
<p>[0]<a class="moz-txt-link-freetext" href="https://github.com/xtremebiker/zuul-keycloak-test/pull/1">https://github.com/xtremebiker/zuul-keycloak-test/pull/1</a><br>
</p>
<br>
<div class="moz-cite-prefix">03/06/2016 6:05(e)an, Scott Rossillo
igorleak idatzi zuen:<br>
</div>
<blockquote
cite="mid:FAC29BBF-9791-4A46-AE8E-E4F164C6FB94@smartling.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
Hi Aritz,
<div class=""><br class="">
</div>
<div class="">Your sample project was very helpful to understand
the problems you’re facing with Zuul as a proxy server. I spent
some time investigating and I’ve sent you a pull request[0] that
will get your sample working.</div>
<div class=""><br class="">
</div>
<div class="">That being said, please do read the "Cookies and
Sensitive Headers” documentation from Spring Cloud Netflix[1].
This applies to anyone thinking of using Zuul as a stateful
proxy server. Zuul was designed by Netflix to proxy stateless
services. In the Keycloak world, these would be clients with an
access type of bearer-only.</div>
<div class=""><br class="">
</div>
<div class="">I'd strongly recommend against this setup in
production. You could continue to use Zuul for stateless
services but anything requiring an interactive login should
really be behind a more traditional HTTP proxy (e.g. Nginx,
Apache, etc).</div>
<div class=""><br class="">
</div>
<div class="">If you disagree, can you tell us the reason you’d
want to proxy a stateful service with Zuul?</div>
<div class=""><br class="">
</div>
<div class="">Hope this helps clear things up a bit.</div>
<div class=""><br class="">
</div>
<div class="">Best,</div>
<div class="">Scott</div>
<div class=""><br class="">
</div>
<div class="">[0]: <a moz-do-not-send="true"
href="https://github.com/xtremebiker/zuul-keycloak-test/pull/1"
class="">https://github.com/xtremebiker/zuul-keycloak-test/pull/1</a></div>
<div class="">[1]: <a moz-do-not-send="true"
href="http://cloud.spring.io/spring-cloud-netflix/spring-cloud-netflix.html"
class="">http://cloud.spring.io/spring-cloud-netflix/spring-cloud-netflix.html</a></div>
<div class=""><br class="">
</div>
<div class="">
<div class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
word-wrap: break-word; -webkit-nbsp-mode: space;
-webkit-line-break: after-white-space;" class="">
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px;" class="">Scott
Rossillo</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px;" class="">Smartling |
Senior Software Engineer</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px;" class=""><a
moz-do-not-send="true"
href="mailto:srossillo@smartling.com" class=""><a class="moz-txt-link-abbreviated" href="mailto:srossillo@smartling.com">srossillo@smartling.com</a></a></div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px;" class="">
</div>
</div>
</div>
<br class="">
<div>
<blockquote type="cite" class="">
<div class="">On Jun 2, 2016, at 4:08 PM, Aritz Maeztu <<a
moz-do-not-send="true"
href="mailto:amaeztu@tesicnor.com" class=""><a class="moz-txt-link-abbreviated" href="mailto:amaeztu@tesicnor.com">amaeztu@tesicnor.com</a></a>>
wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta content="text/html; charset=utf-8"
http-equiv="Content-Type" class="">
<div bgcolor="#FFFFFF" text="#000000" class="">
<p class="">Hi Scott and all,</p>
<p class="">Tried removing the tomcat adapter from my
project, it was my mistake putting it with the Spring
Security one, all together. Thanks for the link to the
question, it was a question I made in SO some time ago
and your answer worked that time. However, even I
leave /sso/login unprotected by Spring Security, the
same behaviour happens. So I tried creating a sample
scenario from scratch and I can reproduce the issue.
Here it is, three maven projects, the service
discovery (Eureka), the proxy service (Zuul) and the
sample secured service:</p>
<p class=""><a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://github.com/xtremebiker/zuul-keycloak-test">https://github.com/xtremebiker/zuul-keycloak-test</a></p>
<p class="">The keycloak.json file in the secured
service should be replaced by the one for your client,
of course. And here there is a filter declaration that
can be made in Spring Boot to show the request dumper
for Tomcat:</p>
<p class=""><a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://stackoverflow.com/questions/23325389/spring-boot-enable-http-requests-logging/37523922#37523922">http://stackoverflow.com/questions/23325389/spring-boot-enable-http-requests-logging/37523922#37523922</a></p>
<p class="">The steps to reproduce it are:</p>
<p class="">1- Boot the three projects</p>
<p class="">2- Wait till the two services are registered
in Eureka and navigate to
localhost:8765/secured-service/path</p>
<p class="">3- After logging in in Keycloak, the port
changes to 8083<br class="">
</p>
<p class="">I'll continue struggling and see if I can
figure it out myself.</p>
<p class="">Regards<br class="">
</p>
<br class="">
<div class="moz-cite-prefix">31/05/2016 22:56(e)an,
Scott Rossillo igorleak idatzi zuen:<br class="">
</div>
<blockquote
cite="mid:11921D36-82CD-4B90-8E65-4C3209D5DE52@smartling.com"
type="cite" class="">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8" class="">
Hi Artiz,
<div class=""><br class="">
</div>
<div class="">If you’re using the Tomcat adapter and
Spring Security adapter together, they may be
interfering with each other. I’m not saying this is
the problem you’re having but I’d avoid using both
adapters together.</div>
<div class=""><br class="">
</div>
<div class="">Please also take a look at this Stack
Overflow answer[0] related to redirect issues. If
none of this helps I’ll try to debug with Eureka and
Zuul.</div>
<div class=""><br class="">
</div>
<div class="">[0]: <a moz-do-not-send="true"
href="http://stackoverflow.com/questions/33543672/keycloak-redirects-me-to-my-index-url-instead-of-to-the-requested-one?answertab=votes#tab-top"
class="">http://stackoverflow.com/questions/33543672/keycloak-redirects-me-to-my-index-url-instead-of-to-the-requested-one?answertab=votes#tab-top</a></div>
<div class=""><br class="">
<div class="">
<div style="letter-spacing: normal; orphans: auto;
text-align: start; text-indent: 0px;
text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; word-wrap:
break-word; -webkit-nbsp-mode: space;
-webkit-line-break: after-white-space;" class="">
<div style="font-family: Helvetica; font-size:
12px; font-style: normal;
font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-caps: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal; font-weight:
normal; letter-spacing: normal; orphans: auto;
text-align: start; text-indent: 0px;
text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;" class="">Scott
Rossillo</div>
<div style="font-family: Helvetica; font-size:
12px; font-style: normal;
font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-caps: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal; font-weight:
normal; letter-spacing: normal; orphans: auto;
text-align: start; text-indent: 0px;
text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;" class="">Smartling
| Senior Software Engineer</div>
<div style="font-family: Helvetica; font-size:
12px; font-style: normal;
font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-caps: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal; font-weight:
normal; letter-spacing: normal; orphans: auto;
text-align: start; text-indent: 0px;
text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;" class=""><a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:srossillo@smartling.com"><a class="moz-txt-link-abbreviated" href="mailto:srossillo@smartling.com">srossillo@smartling.com</a></a></div>
<div style="font-family: Helvetica; font-size:
12px; font-style: normal;
font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-caps: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal; font-weight:
normal; letter-spacing: normal; orphans: auto;
text-align: start; text-indent: 0px;
text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;" class=""> </div>
</div>
</div>
<br class="">
<div class="">
<blockquote type="cite" class="">
<div class="">On May 31, 2016, at 4:00 PM, Aritz
Maeztu <<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:amaeztu@tesicnor.com">amaeztu@tesicnor.com</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta content="text/html; charset=utf-8"
http-equiv="Content-Type" class="">
<div bgcolor="#FFFFFF" text="#000000" class="">
<p class="">Hello Scott,</p>
<p class="">I've got the spring security and
tomcat keycloak adapters both as a project
dependency for each service (as I'm
running the services in Tomcat 8 embedded
servers). Basically I want to base my
security in Spring Security, that's why I
chose this adapter over the Spring Boot
adapter.</p>
<p class="">As the behaviour states, a
redirection is made first to the
/sso/login endpoint, then other one to the
keycloak authorization server. The
question is, as a redirection is a mere
instruction stated from the server to the
browser, which chances do I have to send
the original x-forwarded headers to the
keycloak authorization server, so that it
can make the redirection to the url
requested at the very beginning (to the
reverse proxy)?</p>
<p class="">I could implement a playground
scenario for you if you happen to require
it.</p>
<p class="">Many thanks<br class="">
</p>
<br class="">
<div class="moz-cite-prefix">31/05/2016
20:14(e)an, Scott Rossillo igorleak idatzi
zuen:<br class="">
</div>
<blockquote
cite="mid:D8C74651-F010-49A7-92AF-3A771D68C560@smartling.com"
type="cite" class="">
<meta http-equiv="Content-Type"
content="text/html; charset=utf-8"
class="">
Hi Artiz,
<div class=""><br class="">
</div>
<div class="">So just to be clear, which
Keycloak adapter are you using? The
Spring Boot Adapter or the Spring
Security Adapter?</div>
<div class=""><br class="">
<div class="">
<div style="letter-spacing: normal;
orphans: auto; text-align: start;
text-indent: 0px; text-transform:
none; white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;
word-wrap: break-word;
-webkit-nbsp-mode: space;
-webkit-line-break:
after-white-space;" class="">
<div style="font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-ligatures:
normal; font-variant-position:
normal; font-variant-caps: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px; text-transform:
none; white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;"
class="">Scott Rossillo</div>
<div style="font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-ligatures:
normal; font-variant-position:
normal; font-variant-caps: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px; text-transform:
none; white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;"
class="">Smartling | Senior
Software Engineer</div>
<div style="font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-ligatures:
normal; font-variant-position:
normal; font-variant-caps: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px; text-transform:
none; white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;"
class=""><a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:srossillo@smartling.com">srossillo@smartling.com</a></div>
<div style="font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-ligatures:
normal; font-variant-position:
normal; font-variant-caps: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px; text-transform:
none; white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;"
class=""> </div>
</div>
</div>
<br class="">
<div class="">
<blockquote type="cite" class="">
<div class="">On May 31, 2016, at
3:13 AM, Aritz Maeztu <<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:amaeztu@tesicnor.com"><a class="moz-txt-link-abbreviated" href="mailto:amaeztu@tesicnor.com">amaeztu@tesicnor.com</a></a>> wrote:</div>
<br
class="Apple-interchange-newline">
<div class="">
<p style="font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-caps:
normal; font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;
background-color: rgb(255, 255,
255);" class="">I've got some
Spring Boot application
instances with embeded Tomcat
servlet containers. Tomcat has a
similar system to Wildfly for
request dumpering, that's what I
have enabled for getting the
trace below. In short words
that's the behaviour I'm able to
see:<span
class="Apple-converted-space"> </span><br
class="">
</p>
<p style="font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-caps:
normal; font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;
background-color: rgb(255, 255,
255);" class="">1. Zuul Proxy
(Spring Boot in Tomcat) ->
Organization Service (8083 port)
: A forward request where
X-forwarded headers are included</p>
<p style="font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-caps:
normal; font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;
background-color: rgb(255, 255,
255);" class="">2. Organization
Service (localhost:8083) : Looks
for a token and if it's not
available, the keycloak adapter
redirects to the /sso/login of
the same service (Here the
traceability from the proxy gets
losts)</p>
<p style="font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-caps:
normal; font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;
background-color: rgb(255, 255,
255);" class="">3.
localhost:8083/sso/login:
Redirects to the keycloak
wildfly server, saving the
requested url<span
class="Apple-converted-space"> </span><br
class="">
</p>
<p style="font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-caps:
normal; font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;
background-color: rgb(255, 255,
255);" class="">4. Keycloak
login: The user performs the
authentication and the
redirectUri is
localhost:8083/sso/login. Later
on, the login endpoint redirects
the user to the url requested in
point 2, not the first one from
the proxy.</p>
<p style="font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-caps:
normal; font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;
background-color: rgb(255, 255,
255);" class="">I only have this
problem when my organization
service needs to verify the
token (or a token doesn't exist)
using the keycloak adapter. When
the /sso/login endpoint is not
requested, everything is working
properly. Hope I've explained it
well!<br class="">
</p>
<br style="font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-caps:
normal; font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;
background-color: rgb(255, 255,
255);" class="">
<div class="moz-cite-prefix"
style="font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-caps:
normal; font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;
background-color: rgb(255, 255,
255);">31/05/2016 7:15(e)an,
Stian Thorgersen igorleak idatzi
zuen:<br class="">
</div>
<blockquote
cite="mid:CAJgngAfQUcz1hJwqkpOgr3j9DCxfxdgc_iA73Coyfc7j1EnLJQ@mail.gmail.com"
type="cite" style="font-family:
Helvetica; font-size: 12px;
font-style: normal;
font-variant-caps: normal;
font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;
background-color: rgb(255, 255,
255);" class="">
<div dir="ltr" class="">Where is
your app deployed? If it's on
WildFly you can follow the
same steps used to configure
reverse proxy for Keycloak
Server to configure WildFly.
Check if getRequestURL returns
the correct URL in your app.</div>
<div class="gmail_extra"><br
class="">
<div class="gmail_quote">On 30
May 2016 at 15:08, Aritz
Maeztu<span
class="Apple-converted-space"> </span><span
dir="ltr" class=""><<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:amaeztu@tesicnor.com"><a class="moz-txt-link-abbreviated" href="mailto:amaeztu@tesicnor.com">amaeztu@tesicnor.com</a></a>></span><span
class="Apple-converted-space"> </span>wrote:<br class="">
<blockquote
class="gmail_quote"
style="margin: 0px 0px 0px
0.8ex; border-left-width:
1px; border-left-color:
rgb(204, 204, 204);
border-left-style: solid;
padding-left: 1ex;">
<div bgcolor="#FFFFFF"
text="#000000" class="">
<p class=""><br class="">
</p>
<div class=""><br
class="">
<br class="">
-------- Birbidalitako
mezua --------
<table class=""
border="0"
cellpadding="0"
cellspacing="0">
<tbody class="">
<tr class="">
<th class=""
align="RIGHT"
nowrap="nowrap" valign="BASELINE">Gaia:</th>
<td class="">Re:
[keycloak-user] Redirection issue with proxy behind keycloak</td>
</tr>
<tr class="">
<th class=""
align="RIGHT"
nowrap="nowrap" valign="BASELINE">Data:</th>
<td class="">Mon,
30 May 2016
13:28:21 +0200</td>
</tr>
<tr class="">
<th class=""
align="RIGHT"
nowrap="nowrap" valign="BASELINE">Nork:</th>
<td class="">Aritz
Maeztu<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true" class="moz-txt-link-rfc2396E"
href="mailto:amaeztu@tesicnor.com"><a class="moz-txt-link-rfc2396E" href="mailto:amaeztu@tesicnor.com"><amaeztu@tesicnor.com></a></a></td>
</tr>
<tr class="">
<th class=""
align="RIGHT"
nowrap="nowrap" valign="BASELINE">Nori:</th>
<td class=""><a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:stian@redhat.com"><a class="moz-txt-link-abbreviated" href="mailto:stian@redhat.com">stian@redhat.com</a></a></td>
</tr>
<tr class="">
<th class=""
align="RIGHT"
nowrap="nowrap" valign="BASELINE">CC:</th>
<td class="">Niels
Bertram<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true" class="moz-txt-link-rfc2396E"
href="mailto:nielsbne@gmail.com"><a class="moz-txt-link-rfc2396E" href="mailto:nielsbne@gmail.com"><nielsbne@gmail.com></a></a>,
keycloak-user<span
class="Apple-converted-space"> </span><a moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:keycloak-user@lists.jboss.org"><keycloak-user@lists.jboss.org></a>,
Scott Rossillo<span
class="Apple-converted-space"> </span><a moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:srossillo@smartling.com"><srossillo@smartling.com></a></td>
</tr>
</tbody>
</table>
<div class="">
<div class="h5"><br
class="">
<br class="">
<p class="">I've
done all the
traceability
from the proxy
server till the
login page is
displayed:</p>
<p class="">First
step,
/organization/organizations
is requested, so
the proxy server
knows it has to
be forwarded to
the 8083 port
(the one for the
organization
service). That's
the first
request received
by my
application's
Tomcat:</p>
<p class=""><font
class=""
face="Courier
New" size="-2">2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
START
TIME
=30-may-2016
13:01:18<br
class="">
2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
requestURI=/organizations<br class="">
2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
authType=null<br
class="">
2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
characterEncoding=UTF-8<br class="">
2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
contentLength=-1<br class="">
2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
contentType=null<br class="">
2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
contextPath=<br
class="">
2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=accept-language=es-ES,es;q=0.8<br class="">
2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=x-forwarded-host=mies-057:8765<br class="">
2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=x-forwarded-prefix=/organization<br class="">
2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=upgrade-insecure-requests=1<br class="">
2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=accept-encoding=gzip<br class="">
2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8<br
class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=user-agent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
(KHTML, like
Gecko)
Chrome/50.0.2661.102
Safari/537.36<br
class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=netflix.nfhttpclient.version=1.0<br class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=x-netflix-httpclientname=organization<br class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=host=mies-057:8083<br class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=connection=Keep-Alive<br class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
locale=es_ES<br
class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
method=GET<br
class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
pathInfo=null<br
class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
protocol=HTTP/1.1<br class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
queryString=null<br class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
remoteAddr=192.168.56.1<br class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
remoteHost=192.168.56.1<br class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
remoteUser=null<br class="">
2016-05-30
13:01:18.890
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
requestedSessionId=null<br class="">
2016-05-30
13:01:18.890
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
scheme=http<br
class="">
2016-05-30
13:01:18.890
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
serverName=mies-057<br class="">
2016-05-30
13:01:18.890
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
serverPort=8083<br class="">
2016-05-30
13:01:18.890
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
servletPath=/organizations<br class="">
2016-05-30
13:01:18.891
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
isSecure=false<br
class="">
2016-05-30
13:01:18.891
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
------------------=--------------------------------------------</font></p>
<p class="">Here
x-forwarded-host
is mies-057:8765
(the proxy
server) and
x-forwarded-prefix
is
/organization.
So the original
request is kept
in the headers.
Well, now my
service (8083)
tries to check
for
authorization
via the
/sso/login
endpoint from
the keycloak
spring security
adapter:<br
class="">
</p>
<p class=""><font
class=""
face="Courier
New" size="-2">2016-05-30
13:01:18.892
DEBUG 18096
---
[nio-8083-exec-9]
o.k.a.s.management.HttpSessionManager : Session created:
CDCA7AD4439DE94BD0B3B5803DAA0752<br
class="">
2016-05-30
13:01:18.892
DEBUG 18096
---
[nio-8083-exec-9]
k.a.s.a.KeycloakAuthenticationEntryPoint : Redirecting to login URI
/sso/login<br
class="">
2016-05-30
13:01:18.892
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
------------------=--------------------------------------------<br
class="">
2016-05-30
13:01:18.892
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
authType=null<br
class="">
2016-05-30
13:01:18.892
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
contentType=null<br class="">
2016-05-30
13:01:18.892
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=X-Content-Type-Options=nosniff<br class="">
2016-05-30
13:01:18.892
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=X-XSS-Protection=1; mode=block<br class="">
2016-05-30
13:01:18.892
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=Cache-Control=no-cache, no-store, max-age=0, must-revalidate<br
class="">
2016-05-30
13:01:18.892
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=Pragma=no-cache<br class="">
2016-05-30
13:01:18.892
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=Expires=0<br class="">
2016-05-30
13:01:18.893
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=X-Frame-Options=DENY<br class="">
2016-05-30
13:01:18.893
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=Set-Cookie=JSESSIONID=CDCA7AD4439DE94BD0B3B5803DAA0752; Path=/;
HttpOnly<br
class="">
2016-05-30
13:01:18.893
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=Location=<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://mies-057:8083/sso/login">http://mies-057:8083/sso/login</a><br
class="">
2016-05-30
13:01:18.893
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
remoteUser=null<br class="">
2016-05-30
13:01:18.893
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
status=302<br
class="">
2016-05-30
13:01:18.893
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
END
TIME
=30-may-2016
13:01:18<br
class="">
2016-05-30
13:01:18.893
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
===============================================================<br
class="">
2016-05-30
13:01:18.902
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
START
TIME
=30-may-2016
13:01:18<br
class="">
2016-05-30
13:01:18.902
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
requestURI=/sso/login<br class="">
2016-05-30
13:01:18.902
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
authType=null<br
class="">
2016-05-30
13:01:18.902
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
characterEncoding=UTF-8<br class="">
2016-05-30
13:01:18.902
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
contentLength=-1<br class="">
2016-05-30
13:01:18.902
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
contentType=null<br class="">
2016-05-30
13:01:18.902
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
contextPath=<br
class="">
2016-05-30
13:01:18.902
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
cookie=JSESSIONID=CDCA7AD4439DE94BD0B3B5803DAA0752<br class="">
2016-05-30
13:01:18.902
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
header=host=mies-057:8083<br class="">
2016-05-30
13:01:18.903
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
header=connection=keep-alive<br class="">
2016-05-30
13:01:18.903
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
header=accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8<br
class="">
2016-05-30
13:01:18.903
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
header=upgrade-insecure-requests=1<br class="">
2016-05-30
13:01:18.903
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
header=user-agent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
(KHTML, like
Gecko)
Chrome/50.0.2661.102
Safari/537.36<br
class="">
2016-05-30
13:01:18.903
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
header=accept-encoding=gzip, deflate, sdch<br class="">
2016-05-30
13:01:18.903
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
header=accept-language=es-ES,es;q=0.8<br class="">
2016-05-30
13:01:18.903
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
header=cookie=JSESSIONID=CDCA7AD4439DE94BD0B3B5803DAA0752<br class="">
2016-05-30
13:01:18.903
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
locale=es_ES<br
class="">
2016-05-30
13:01:18.903
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
method=GET<br
class="">
2016-05-30
13:01:18.903
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
pathInfo=null<br
class="">
2016-05-30
13:01:18.903
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
protocol=HTTP/1.1<br class="">
2016-05-30
13:01:18.904
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
queryString=null<br class="">
2016-05-30
13:01:18.904
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
remoteAddr=192.168.56.1<br class="">
2016-05-30
13:01:18.904
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
remoteHost=192.168.56.1<br class="">
2016-05-30
13:01:18.904
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
remoteUser=null<br class="">
2016-05-30
13:01:18.904
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
requestedSessionId=CDCA7AD4439DE94BD0B3B5803DAA0752<br class="">
2016-05-30
13:01:18.904
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
scheme=http<br
class="">
2016-05-30
13:01:18.904
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
serverName=mies-057<br class="">
2016-05-30
13:01:18.904
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
serverPort=8083<br class="">
2016-05-30
13:01:18.904
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
servletPath=/sso/login<br class="">
2016-05-30
13:01:18.904
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
isSecure=false<br
class="">
2016-05-30
13:01:18.904
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
------------------=--------------------------------------------<br
class="">
2016-05-30
13:01:18.904
DEBUG 18096
---
[io-8083-exec-10]
o.k.adapters.PreAuthActionsHandler : adminRequest<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://mies-057:8083/sso/login"><a class="moz-txt-link-freetext" href="http://mies-057:8083/sso/login">http://mies-057:8083/sso/login</a></a><br
class="">
2016-05-30
13:01:18.904
DEBUG 18096
---
[io-8083-exec-10]
f.KeycloakAuthenticationProcessingFilter : Request is to process
authentication<br
class="">
2016-05-30
13:01:18.904
DEBUG 18096
---
[io-8083-exec-10]
f.KeycloakAuthenticationProcessingFilter : Attempting Keycloak
authentication<br
class="">
2016-05-30
13:01:18.904
TRACE 18096
---
[io-8083-exec-10]
o.k.adapters.RequestAuthenticator : --> authenticate()<br
class="">
2016-05-30
13:01:18.904
TRACE 18096
---
[io-8083-exec-10]
o.k.adapters.RequestAuthenticator : try bearer<br class="">
2016-05-30
13:01:18.904
TRACE 18096
---
[io-8083-exec-10]
o.k.adapters.RequestAuthenticator : try oauth<br class="">
2016-05-30
13:01:18.905
DEBUG 18096
---
[io-8083-exec-10]
o.k.a.s.token.SpringSecurityTokenStore : Checking if
org.keycloak.adapters.springsecurity.authentication.SpringSecurityRequestAuthenticator@d328c2d
is cached<br
class="">
2016-05-30
13:01:18.905
DEBUG 18096
---
[io-8083-exec-10]
o.k.adapters.OAuthRequestAuthenticator : there was no code<br class="">
2016-05-30
13:01:18.905
DEBUG 18096
---
[io-8083-exec-10]
o.k.adapters.OAuthRequestAuthenticator : redirecting to auth server<br
class="">
2016-05-30
13:01:18.905
DEBUG 18096
---
[io-8083-exec-10]
o.k.adapters.OAuthRequestAuthenticator : callback uri:<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://mies-057:8083/sso/login"><a class="moz-txt-link-freetext" href="http://mies-057:8083/sso/login">http://mies-057:8083/sso/login</a></a><br
class="">
2016-05-30
13:01:18.905
DEBUG 18096
---
[io-8083-exec-10]
f.KeycloakAuthenticationProcessingFilter : Auth outcome: NOT_ATTEMPTED<br
class="">
2016-05-30
13:01:18.905
DEBUG 18096
---
[io-8083-exec-10]
o.k.adapters.OAuthRequestAuthenticator : Sending redirect to login
page:<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://mies-057.tesicnor.com:8080/auth/realms/master/protocol/openid-connect/auth?response_type=code&client_id=organization&redirect_uri=http%3A%2F%2Fmies-057%3A8083%2Fsso%2Flogin&state=1%2F21d709ec-1e69-41c5-ac6d-c705f8ce3907&login=true"><a class="moz-txt-link-freetext" href="http://mies-057.tesicnor.com:8080/auth/realms/master/protocol/openid-connect/auth?response_type=code&client_id=organization&redirect_uri=http%3A%2F%2Fmies-057%3A8083%2Fsso%2Flogin&state=1%2F21d709ec-1e69-41c5-ac6d-c705f8ce3907&login=true">http://mies-057.tesicnor.com:8080/auth/realms/master/protocol/openid-connect/auth?response_type=code&client_id=organization&redirect_uri=http%3A%2F%2Fmies-057%3A8083%2Fsso%2Flogin&state=1%2F21d709ec-1e69-41c5-ac6d-c705f8ce3907&login=true</a></a></font></p>
<p class="">As
it's shown in
the logs, the
X-forwarded logs
are not kept by
the keycloak
adapter (look at
the lines below<span
class="Apple-converted-space"> </span><font class="" face="Courier New"
size="-2">k.a.s.a.KeycloakAuthenticationEntryPoint
: Redirecting
to login URI
/sso/login</font>).
So could it be
the proxy server
itself being
properly
configured but
the keycloak
adapter losing
the original
headers while
performing the
redirection?</p>
<p class="">I've
also set up the
request dumper
in the undertow
server as Niels
suggested, but
obviously,
X-forwarded
headers are not
reaching the
keycloak
server..</p>
<p class="">Thanks
for your time,
again ;-)<br
class="">
</p>
<p class=""><br
class="">
</p>
<br class="">
<div class="">25/05/2016
7:22(e)an, Stian
Thorgersen
igorleak idatzi
zuen:<br
class="">
</div>
<blockquote
type="cite"
class="">
<div dir="ltr"
class="">You
need the Host
and
X-Forwarded-For
headers to be
included and
there's also
some config to
be done on the
Keycloak
server (see <a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#proxy-address-forwarding"><a class="moz-txt-link-freetext" href="http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#proxy-address-forwarding">http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#proxy-address-forwarding</a></a>)</div>
<div
class="gmail_extra"><br
class="">
<div
class="gmail_quote">On
24 May 2016 at
08:46, Aritz
Maeztu<span
class="Apple-converted-space"> </span><span
dir="ltr"
class=""><<a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:amaeztu@tesicnor.com"><a class="moz-txt-link-abbreviated" href="mailto:amaeztu@tesicnor.com">amaeztu@tesicnor.com</a></a>></span><span
class="Apple-converted-space"> </span>wrote:<br class="">
<blockquote
class="gmail_quote"
style="margin:
0px 0px 0px
0.8ex;
border-left-width:
1px;
border-left-color:
rgb(204, 204,
204);
border-left-style:
solid;
padding-left:
1ex;">
<div
bgcolor="#FFFFFF"
text="#000000"
class="">
<p class="">Hi
Niels and
Scott. First
of all, thank
you very much
for your help.
I'm currently
using Zuul
(Spring Cloud)
as the reverse
proxy. All the
services are
registered in
a discovery
service called
Eureka and
then Zuul
looks for the
service id
there and
performs de
redirection. I
read about<span
class="Apple-converted-space"> </span><font class="" face="monospace,
monospace">X-Forwarded
headers, but I
thought it
might result
in a security
issue if not
included, not
that it could
affect the
redirection
process.<span
class="Apple-converted-space"> </span><br class="">
</font></p>
<p class=""><font
class=""
face="monospace,
monospace">As
Scott says, I
suppose the
Host and the
X-Real-Ip
headers are
the relevant
ones here, so
I guess I
should
instruct Zuul
to send them
when the
service is
addressed
(however I
wonder why
they are not
already being
sent, as Zuul
is a proxy
service, all
in all).</font></p>
Here I include
a preview of
the first
redirection
made to the
keycloak login
page, which
shows the
request
headers sent
to the service
/login
endpoint (at
port 8081 in
localhost):<br
class="">
<br class="">
<a
moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://www.dropbox.com/s/iof9yefytzay6j2/screenshot.PNG?dl=0"><a class="moz-txt-link-freetext" href="https://www.dropbox.com/s/iof9yefytzay6j2/screenshot.PNG?dl=0">https://www.dropbox.com/s/iof9yefytzay6j2/screenshot.PNG?dl=0</a></a><br
class="">
<br class="">
<div class="">24/05/2016
2:08(e)an,
Niels Bertram
igorleak
idatzi zuen:<br
class="">
</div>
<div class="">
<div class="">
<blockquote
type="cite"
class="">
<div dir="ltr"
class="">Hi
Artitz,
<div class=""><br
class="">
</div>
<div class="">a
great way to
figure out
what is sent
from the
reverse proxy
to your
keycloak
server is to
use the
undertow
request
dumper.
<div class=""><br
class="">
</div>
<div class="">From
the jboss-cli
just add the
request dumper
filter to your
undertow
configuration
like this:</div>
<div class=""><br
class="">
</div>
<div class="">
<div class=""><font
class=""
face="monospace,
monospace">$KC_HOME/bin/jbpss-cli.sh
-c</font></div>
<div class=""><font
class=""
face="monospace,
monospace"><br
class="">
</font></div>
<div class=""><font
class=""
face="monospace,
monospace">/subsystem=undertow/configuration=filter/custom-filter=request-dumper:add(class-name=io.undertow.server.handlers.RequestDumpingHandler,
module=io.undertow.core)</font></div>
<div class=""><font
class=""
face="monospace,
monospace"><br
class="">
</font></div>
<div class=""><font
class=""
face="monospace,
monospace">/subsystem=undertow/server=default-server/host=default-host/filter-ref=request-dumper:add</font></div>
<div class=""><font
class=""
face="monospace,
monospace"><br
class="">
</font></div>
<div class=""><font
class=""
face="monospace,
monospace">/:reload</font></div>
<div class=""><font
class=""
face="monospace,
monospace"><br
class="">
</font></div>
<div class=""><font
class=""
face="arial,
helvetica,
sans-serif">given
your apache
config looks
something like
this:</font></div>
<div class=""><font
class=""
face="monospace,
monospace"><br
class="">
</font></div>
<div class=""><font
class=""
face="monospace,
monospace"> <span
class="Apple-converted-space"> </span>ProxyRequests Off</font></div>
<div class=""><font
class=""
face="monospace,
monospace"> <span
class="Apple-converted-space"> </span>ProxyPreserveHost On</font></div>
<div class=""><font
class=""
face="monospace,
monospace"> <span
class="Apple-converted-space"> </span>ProxyVia On</font></div>
<div class=""><br
class="">
</div>
<div class=""><font
class=""
face="monospace,
monospace"> <span
class="Apple-converted-space"> </span>ProxyPass /auth ajp://<a
moz-do-not-send="true"
href="http://127.0.0.1:8009/auth" target="_blank" class="">127.0.0.1:8009/auth</a></font></div>
<div class=""><font
class=""
face="monospace,
monospace"> <span
class="Apple-converted-space"> </span>ProxyPassReverse /auth ajp://<a
moz-do-not-send="true"
href="http://127.0.0.1:8009/auth" target="_blank" class="">127.0.0.1:8009/auth</a></font></div>
<div class=""><font
class=""
face="monospace,
monospace"><br
class="">
</font></div>
<div class=""><font
class=""
face="monospace,
monospace"><br
class="">
</font></div>
<div class=""><font
class=""
face="arial,
helvetica,
sans-serif">you
should see
something like
that (forwared
info is
somewhat
rubbish in
this example
as I am
running the
hosts on
Virtualbox -
but you can
see this
request was
put through 2
proxies from
local pc
192.168.33.1
to haproxy on
192.168.33.80
and then
apache reverse
proxy on
192.168.33.81
):</font></div>
<div class=""><font
class=""
face="arial,
helvetica,
sans-serif"><br
class="">
</font></div>
<div class=""><font
class=""
face="monospace,
monospace">==============================================================</font></div>
<div class=""><font
class=""
face="monospace,
monospace">23:47:20,563
INFO
[io.undertow.request.dump]
(default
task-14)</font></div>
<div class=""><font
class=""
face="monospace,
monospace">----------------------------REQUEST---------------------------</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
URI=/auth/welcome-content/favicon.ico</font></div>
<div class=""><font
class=""
face="monospace,
monospace"> characterEncoding=null</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
contentLength=-1</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
contentType=null</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Accept=*/*</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Accept-Language=en-US,en;q=0.8,de;q=0.6</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Cache-Control=no-cache</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Accept-Encoding=gzip,
deflate, sdch</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=DNT=1</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Pragma=no-cache</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=X-Original-To=192.168.33.80</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=User-Agent=Mozilla/5.0
(Windows NT
6.1; WOW64)
AppleWebKit/537.36
(KHTML, like
Gecko)
Chrome/50.0.2661.102
Safari/537.36</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Authorization=Basic
bmljZSB0cnkgYnV0IGFtIG5vdCBmcm9tIHllc3RlcmRheQo=</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=X-Forwarded-Proto=https</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=X-Forwarded-Port=443</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=X-Forwarded-For=192.168.33.1</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Referer=<a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://login.vagrant.dev/auth/"><a class="moz-txt-link-freetext" href="https://login.vagrant.dev/auth/">https://login.vagrant.dev/auth/</a></a></font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Host=login.vagrant.dev</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>locale=[en_US,
en, de]</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>method=GET</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>protocol=HTTP/1.1</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
queryString=</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>remoteAddr=<a
moz-do-not-send="true" href="http://192.168.33.1:0/" target="_blank"
class="">192.168.33.1:0</a></font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>remoteHost=192.168.33.1</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>scheme=https</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>host=login.vagrant.dev</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>serverPort=443</font></div>
<div class=""><font
class=""
face="monospace,
monospace">--------------------------RESPONSE--------------------------</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
contentLength=627</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
contentType=application/octet-stream</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Cache-Control=max-age=2592000</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=X-Powered-By=Undertow/1</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Server=WildFly/10</font></div>
</div>
<div class=""><br
class="">
</div>
<div class=""><br
class="">
</div>
<div class="">Hope
this helps
diagnosing
your issue.
Niels</div>
</div>
</div>
<div
class="gmail_extra"><br
class="">
<div
class="gmail_quote">On
Tue, May 24,
2016 at 1:20
AM, Aritz
Maeztu<span
class="Apple-converted-space"> </span><span
dir="ltr"
class=""><<a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:amaeztu@tesicnor.com"><a class="moz-txt-link-abbreviated" href="mailto:amaeztu@tesicnor.com">amaeztu@tesicnor.com</a></a>></span><span
class="Apple-converted-space"> </span>wrote:<br class="">
<blockquote
class="gmail_quote"
style="margin:
0px 0px 0px
0.8ex;
border-left-width:
1px;
border-left-color:
rgb(204, 204,
204);
border-left-style:
solid;
padding-left:
1ex;">
<div
bgcolor="#FFFFFF"
text="#000000"
class="">
<p class="">I'm
using keycloak
to securize
some Spring
based services
(with the
keycloak
spring
security
adapter). The
adapter
creates a
`/login`
endpoint in
each of the
services which
redirects to
the keycloak
login page and
then redirects
back to the
service when
authentication
is done. I
also have a
proxy service
which I want
to publish in
the 80 port
and will take
care of
routing all
the requests
to each
service. The
proxy performs
a plain
FORWARD to the
service, but
the problem
comes when I
securize the
service with
the keycloak
adapter.<span
class="Apple-converted-space"> </span><br class="">
</p>
<p class="">When
I make a
request, the
adapter
redirects to
its login
endpoint and
then to the
keycloak auth
url. When
keycloak sends
the
redirection,
the url shown
in the browser
is the one
from the
service and
not the one
from the
proxy. Do I
have some
choice to tell
the adapter I
want to
redirect back
to the first
requested url?<span
class=""><font
class=""
color="#888888"><br
class="">
</font></span></p>
<span class=""><font
class=""
color="#888888"><br
class="">
<div class="">--<span
class="Apple-converted-space"> </span><br class="">
<div class="">
<table
style="width:
600px;
border-collapse:
collapse;"
class="">
<tbody
class="">
<tr class="">
<td
style="border-bottom-width:
1px;
border-bottom-style:
solid;
border-bottom-color:
rgb(152, 152,
152);"
class=""><span
style="font-weight: bold;" class="">Aritz Maeztu Otaño</span><br
class="">
<span
style="font-size:
12px;"
class="">Departamento
Desarrollo de
Software</span></td>
<td
style="border-bottom-width:
1px;
border-bottom-style:
solid;
border-bottom-color:
rgb(152, 152,
152);
padding-left:
20px;"
class=""><a
moz-do-not-send="true"
href="https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES"
target="_blank" class=""><span
id="cid:part19.56DB68FA.497140B7@tesicnor.com"
class=""><Mail
Attachment.gif></span></a></td>
</tr>
<tr class="">
<td class=""><a
moz-do-not-send="true" href="http://www.tesicnor.com/" target="_blank"
class=""><span
id="cid:part21.58E351AA.F2ED0CD9@tesicnor.com" class=""><Mail
Attachment.png></span></a></td>
<td
style="font-size:
12px;"
class="">
<p
style="padding-left:
20px;"
class=""><span
class="">Pol.
Ind. Mocholi.</span><span
class="Apple-converted-space"> </span><span class="">C/Rio Elorz, Nave
13E<span
class="Apple-converted-space"> </span></span><span
style="font-weight: bold;" class="">31110 Noain (Navarra)</span><br
class="">
<span class="">Telf.:
948 21 40 40</span><span
class="Apple-converted-space"> </span><br class="">
<span class="">Fax.:
948 21 40 41</span><span
class="Apple-converted-space"> </span><br class="">
</p>
</td>
</tr>
<tr class="">
<td
colspan="2"
class=""><span
style="color:
rgb(0, 153,
0); font-size:
12px;"
class="">Antes
de imprimir
este e-mail
piense bien si
es necesario
hacerlo: El
medioambiente
es cosa de
todos.</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</font></span></div>
<br class="">
_______________________________________________<br class="">
keycloak-user
mailing list<br
class="">
<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:keycloak-user@lists.jboss.org"><a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a></a><br
class="">
<a
moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"><a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></a><br
class="">
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<br class="">
<div class="">--<span
class="Apple-converted-space"> </span><br class="">
<div class="">
<table
style="width:
600px;
border-collapse:
collapse;"
class="">
<tbody
class="">
<tr class="">
<td
style="border-bottom-width:
1px;
border-bottom-style:
solid;
border-bottom-color:
rgb(152, 152,
152);"
class=""><span
style="font-weight: bold;" class="">Aritz Maeztu Otaño</span><br
class="">
<span
style="font-size:
12px;"
class="">Departamento
Desarrollo de
Software</span></td>
<td
style="border-bottom-width:
1px;
border-bottom-style:
solid;
border-bottom-color:
rgb(152, 152,
152);
padding-left:
20px;"
class=""><a
moz-do-not-send="true"
href="https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES"
target="_blank" class=""><span
id="cid:part25.2C9B09F3.39D2312E@tesicnor.com"
class=""><Mail
Attachment.gif></span></a></td>
</tr>
<tr class="">
<td class=""><a
moz-do-not-send="true" href="http://www.tesicnor.com/" target="_blank"
class=""><span
id="cid:part27.32F0155C.797C1982@tesicnor.com" class=""><Mail
Attachment.png></span></a></td>
<td
style="font-size:
12px;"
class="">
<p
style="padding-left:
20px;"
class=""><span
class="">Pol.
Ind. Mocholi.</span><span
class="Apple-converted-space"> </span><span class="">C/Rio Elorz, Nave
13E<span
class="Apple-converted-space"> </span></span><span
style="font-weight: bold;" class="">31110 Noain (Navarra)</span><br
class="">
<span class="">Telf.:
948 21 40 40</span><span
class="Apple-converted-space"> </span><br class="">
<span class="">Fax.:
948 21 40 41</span><span
class="Apple-converted-space"> </span><br class="">
</p>
</td>
</tr>
<tr class="">
<td
colspan="2"
class=""><span
style="color:
rgb(0, 153,
0); font-size:
12px;"
class="">Antes
de imprimir
este e-mail
piense bien si
es necesario
hacerlo: El
medioambiente
es cosa de
todos.</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
<br class="">
_______________________________________________<br class="">
keycloak-user
mailing list<br
class="">
<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:keycloak-user@lists.jboss.org"><a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a></a><br
class="">
<a
moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"><a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></a><br
class="">
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<br class="">
<div class="">--<span
class="Apple-converted-space"> </span><br class="">
<div class="">
<table
style="width:
600px;
border-collapse:
collapse;"
class="">
<tbody
class="">
<tr class="">
<td
style="border-bottom-width:
1px;
border-bottom-style:
solid;
border-bottom-color:
rgb(152, 152,
152);"
class=""><span
style="font-weight: bold;" class="">Aritz Maeztu Otaño</span><br
class="">
<span
style="font-size:
12px;"
class="">Departamento
Desarrollo de
Software</span></td>
<td
style="border-bottom-width:
1px;
border-bottom-style:
solid;
border-bottom-color:
rgb(152, 152,
152);
padding-left:
20px;"
class=""><a
moz-do-not-send="true"
href="https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES"
target="_blank" class=""><span
id="cid:part31.44462D60.3CB18DF8@tesicnor.com"
class=""><Mail
Attachment.gif></span></a></td>
</tr>
<tr class="">
<td class=""><a
moz-do-not-send="true" href="http://www.tesicnor.com/" target="_blank"
class=""><span
id="cid:part33.A4B1AB31.24F4A888@tesicnor.com" class=""><Mail
Attachment.png></span></a></td>
<td
style="font-size:
12px;"
class="">
<p
style="padding-left:
20px;"
class=""><span
class="">Pol.
Ind. Mocholi.</span><span
class="Apple-converted-space"> </span><span class="">C/Rio Elorz, Nave
13E<span
class="Apple-converted-space"> </span></span><span
style="font-weight: bold;" class="">31110 Noain (Navarra)</span><br
class="">
<span class="">Telf.:
948 21 40 40</span><span
class="Apple-converted-space"> </span><br class="">
<span class="">Fax.:
948 21 40 41</span><span
class="Apple-converted-space"> </span><br class="">
</p>
</td>
</tr>
<tr class="">
<td
colspan="2"
class=""><span
style="color:
rgb(0, 153,
0); font-size:
12px;"
class="">Antes
de imprimir
este e-mail
piense bien si
es necesario
hacerlo: El
medioambiente
es cosa de
todos.</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
</div>
<br class="">
_______________________________________________<br class="">
keycloak-user mailing list<br
class="">
<a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org" class="">keycloak-user@lists.jboss.org</a><br
class="">
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer"
target="_blank" class="">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br
class="">
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<br style="font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-caps:
normal; font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;
background-color: rgb(255, 255,
255);" class="">
<div class="moz-signature"
style="font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-caps:
normal; font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;
background-color: rgb(255, 255,
255);">--<span
class="Apple-converted-space"> </span><br
class="">
<div class="moz-signature">
<table style="width: 600px;
border-collapse: collapse;"
class="">
<tbody class="">
<tr class="">
<td
style="border-bottom-width:
1px;
border-bottom-style:
solid;
border-bottom-color:
rgb(152, 152, 152);"
class=""><span
style="font-weight:
bold;" class="">Aritz
Maeztu Otaño</span><br
class="">
<span
style="font-size:
12px;" class="">Departamento
Desarrollo de
Software</span></td>
<td
style="border-bottom-width:
1px;
border-bottom-style:
solid;
border-bottom-color:
rgb(152, 152, 152);
padding-left: 20px;"
class=""><a
moz-do-not-send="true"
target="_blank"
href="https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES"
class=""><span
id="cid:part37.F59A5EDB.10D112D3@tesicnor.com"
class=""><linkdin.gif></span></a></td>
</tr>
<tr class="">
<td class=""><a
moz-do-not-send="true"
target="_blank"
href="http://www.tesicnor.com/"
class=""><span
id="cid:part39.C21A5AC2.3618B928@tesicnor.com"
class=""><logo.png></span></a></td>
<td style="font-size:
12px;" class="">
<p
style="padding-left:
20px;" class=""><span
class="">Pol. Ind.
Mocholi.</span><span
class="Apple-converted-space"> </span><span class="">C/Rio Elorz, Nave
13E<span
class="Apple-converted-space"> </span></span><span
style="font-weight: bold;" class="">31110 Noain (Navarra)</span><br
class="">
<span class="">Telf.:
948 21 40 40</span><span
class="Apple-converted-space"> </span><br class="">
<span class="">Fax.:
948 21 40 41</span><span
class="Apple-converted-space"> </span><br class="">
</p>
</td>
</tr>
<tr class="">
<td colspan="2" class=""><span
style="color: rgb(0,
153, 0); font-size:
12px;" class="">Antes
de imprimir este
e-mail piense bien
si es necesario
hacerlo: El
medioambiente es
cosa de todos.</span></td>
</tr>
</tbody>
</table>
</div>
</div>
<span style="font-family:
Helvetica; font-size: 12px;
font-style: normal;
font-variant-caps: normal;
font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;
background-color: rgb(255, 255,
255); float: none; display:
inline !important;" class="">_______________________________________________</span><br
style="font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-caps:
normal; font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;
background-color: rgb(255, 255,
255);" class="">
<span style="font-family:
Helvetica; font-size: 12px;
font-style: normal;
font-variant-caps: normal;
font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;
background-color: rgb(255, 255,
255); float: none; display:
inline !important;" class="">keycloak-user
mailing list</span><br
style="font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-caps:
normal; font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;
background-color: rgb(255, 255,
255);" class="">
<a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org"
style="font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-caps:
normal; font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;
background-color: rgb(255, 255,
255);" class="">keycloak-user@lists.jboss.org</a><br
style="font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-caps:
normal; font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;
background-color: rgb(255, 255,
255);" class="">
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
style="font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-caps:
normal; font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;
background-color: rgb(255, 255,
255);" class="">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></div>
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<br class="">
<br class="">
<br class="">
<hr style="border:none; color:#909090;
background-color:#B0B0B0; height: 1px;
width: 99%;" class="">
<table
style="border-collapse:collapse;border:none;"
class="">
<tbody class="">
<tr class="">
<td style="border:none;padding:0px
15px 0px 8px" class=""> <a
moz-do-not-send="true"
href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient"
class=""> <img
moz-do-not-send="true"
src="http://static.avast.com/emails/avast-mail-stamp.png"
alt="Avast logo" class=""
border="0"> </a> </td>
<td class="">
<p style="color:#3d4d5a;
font-family:"Calibri","Verdana","Arial","Helvetica";
font-size:12pt;" class=""> El
software de antivirus Avast ha
analizado este correo electrónico
en busca de virus. <br class="">
<a moz-do-not-send="true"
href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient"
class="">www.avast.com</a> </p>
</td>
</tr>
</tbody>
</table>
<br class="">
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<br class="">
<br class="">
<br class="">
<hr style="border:none; color:#909090;
background-color:#B0B0B0; height: 1px; width: 99%;"
class="">
<table style="border-collapse:collapse;border:none;"
class="">
<tbody class="">
<tr class="">
<td style="border:none;padding:0px 15px 0px 8px"
class=""> <a moz-do-not-send="true"
href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient"
class=""> <img moz-do-not-send="true"
src="http://static.avast.com/emails/avast-mail-stamp.png"
alt="Avast logo" class="" border="0"> </a>
</td>
<td class="">
<p style="color:#3d4d5a;
font-family:"Calibri","Verdana","Arial","Helvetica";
font-size:12pt;" class=""> El software de
antivirus Avast ha analizado este correo
electrónico en busca de virus. <br class="">
<a moz-do-not-send="true"
href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient"
class="">www.avast.com</a> </p>
</td>
</tr>
</tbody>
</table>
<br class="">
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<div class="moz-signature">
<table style="cellspadding: 0; width: 600; align: left;
border-collapse: collapse;">
<tbody>
<tr>
<td style="border-bottom-width: 1px; border-bottom-style:
solid; border-bottom-color: #989898;"> <span
style="font-weight:bold">Aritz Maeztu Otaño</span><br>
<span style="font-size: 12px;">Departamento Desarrollo
de Software</span> </td>
<td style="border-bottom-width: 1px; border-bottom-style:
solid; border-bottom-color: #989898; padding-left:
20px;"> <a target="_blank"
href="https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES">
<img src="cid:part52.51414755.1D3C274D@tesicnor.com"
border="0">
<!--<img src="linkdin.gif" border="0" />--> </a> </td>
</tr>
<tr>
<td> <a target="_blank" href="http://www.tesicnor.com"> <img
shrinktofit="true"
src="cid:part54.4E57D8D1.257849BF@tesicnor.com"
border="0" width="143">
<!--<img shrinktofit="true" src="logo.png" width="143" border="0" />-->
</a> </td>
<td style="font-size: 12px;">
<p style="padding-left: 20px;"> <span>Pol. Ind.
Mocholi.</span> <span>C/Rio Elorz, Nave 13E </span><span
style="font-weight:bold">31110 Noain (Navarra)</span><br>
<span>Telf.: 948 21 40 40</span> <br>
<span>Fax.: 948 21 40 41</span> <br>
</p>
</td>
</tr>
<tr>
<td colspan="2"> <span style="color: #009900;font-size:
12px;">Antes de imprimir este e-mail piense bien si es
necesario hacerlo: El medioambiente es cosa de todos.</span>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</body>
</html>