<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hello, any advice on this?<br>
</p>
<br>
<div class="moz-cite-prefix">On 03/06/2016 at 14:20, Aritz Maeztu
wrote:<br>
</div>
<blockquote
cite="mid:78c6e629-d3ab-2ea7-b4bb-ac5d10478f7c@tesicnor.com"
type="cite">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<p>Hi all,</p>
<p>Good work with the sample project, Scott; it's properly isolated
code where we might easily see what's going on. My previous
problem was nearly solved; it only keeps happening with FF, when
the user isn't logged in[0].<br>
</p>
<p>Scott, I've got no reason to avoid other traditional HTTP
proxies; all of this is because I'm a bit of a newbie in this kind
of topic about distributed environments and, having chosen the
Spring Cloud utility, I thought I could implement everything I
needed using Zuul. So this is the design I was thinking of for
production:</p>
<p>Browser request -> Zuul proxy (80) -> UI Service (8099
and accesses other services using the keycloak rest template)
-> Backbone services (80xx). They call each other using the
keycloak rest template<br>
</p>
<p>Mobile app request -> Zuul proxy (80) -> Backbone
services (80xx). They call each other using the keycloak rest
template</p>
<p>I've declared each backbone service in Keycloak as confidential
because that way I can access the service directly through the
browser. Like you say, it might be a more proper option to use
bearer-only access, but how could I deal with the UI Service?
This could be a choice according to what you say, not adding any
other proxy:</p>
<p>Browser request -> UI Service (80) -> Zuul proxy (8765)
-> Backbone services (80xx). They call each other using the
keycloak rest template</p>
<p>The only drawback I can think of with this design is the case of
needing to have more UI replicas: would I need to manage them
myself? If I add a proxy on top of it, could I have it
talk to Eureka to know where the different instances of the
UI Service are?<br>
</p>
<p>Thanks!<br>
</p>
<p><br>
</p>
<p>[0]<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://github.com/xtremebiker/zuul-keycloak-test/pull/1">https://github.com/xtremebiker/zuul-keycloak-test/pull/1</a><br>
</p>
<br>
<div class="moz-cite-prefix">On 03/06/2016 at 6:05, Scott Rossillo
wrote:<br>
</div>
<blockquote
cite="mid:FAC29BBF-9791-4A46-AE8E-E4F164C6FB94@smartling.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8">
Hi Aritz,
<div class=""><br class="">
</div>
<div class="">Your sample project was very helpful to understand
the problems you’re facing with Zuul as a proxy server. I
spent some time investigating and I’ve sent you a pull
request[0] that will get your sample working.</div>
<div class=""><br class="">
</div>
<div class="">That being said, please do read the "Cookies and
Sensitive Headers" documentation from Spring Cloud Netflix[1].
This applies to anyone thinking of using Zuul as a stateful
proxy server. Zuul was designed by Netflix to proxy stateless
services. In the Keycloak world, these would be clients with
an access type of bearer-only.</div>
<div class=""><br class="">
</div>
<div class="">I'd strongly recommend against this setup in
production. You could continue to use Zuul for stateless
services but anything requiring an interactive login should
really be behind a more traditional HTTP proxy (e.g. Nginx,
Apache, etc).</div>
<div class=""><br class="">
</div>
<div class="">If you disagree, can you tell us the reason you’d
want to proxy a stateful service with Zuul?</div>
<div class=""><br class="">
</div>
<div class="">Hope this helps clear things up a bit.</div>
<div class=""><br class="">
</div>
<div class="">Best,</div>
<div class="">Scott</div>
<div class=""><br class="">
</div>
<div class="">[0]: <a moz-do-not-send="true"
href="https://github.com/xtremebiker/zuul-keycloak-test/pull/1"
class="">https://github.com/xtremebiker/zuul-keycloak-test/pull/1</a></div>
<div class="">[1]: <a moz-do-not-send="true"
href="http://cloud.spring.io/spring-cloud-netflix/spring-cloud-netflix.html"
class="">http://cloud.spring.io/spring-cloud-netflix/spring-cloud-netflix.html</a></div>
<div class=""><br class="">
</div>
<div class="">
<div class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
word-wrap: break-word; -webkit-nbsp-mode: space;
-webkit-line-break: after-white-space;" class="">
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;"
class="">Scott Rossillo</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;"
class="">Smartling | Senior Software Engineer</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;"
class=""><a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:srossillo@smartling.com">srossillo@smartling.com</a></div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;"
class=""> </div>
</div>
</div>
<br class="">
<div>
<blockquote type="cite" class="">
<div class="">On Jun 2, 2016, at 4:08 PM, Aritz Maeztu
&lt;<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:amaeztu@tesicnor.com">amaeztu@tesicnor.com</a>&gt;
wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta content="text/html; charset=utf-8"
http-equiv="Content-Type" class="">
<div bgcolor="#FFFFFF" text="#000000" class="">
<p class="">Hi Scott and all,</p>
<p class="">I tried removing the Tomcat adapter from my
project; it was my mistake putting it together with the
Spring Security one. Thanks for the
link to the question; it was a question I asked on SO
some time ago and your answer worked that time.
However, even if I leave /sso/login unprotected by
Spring Security, the same behaviour happens. So I
tried creating a sample scenario from scratch and I
can reproduce the issue. Here it is, three maven
projects: the service discovery (Eureka), the proxy
service (Zuul) and the sample secured service:</p>
<p class=""><a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://github.com/xtremebiker/zuul-keycloak-test">https://github.com/xtremebiker/zuul-keycloak-test</a></p>
<p class="">The keycloak.json file in the secured
service should be replaced by the one for your
client, of course. And here there is a filter
declaration that can be made in Spring Boot to show
the request dumper for Tomcat:</p>
<p class=""><a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://stackoverflow.com/questions/23325389/spring-boot-enable-http-requests-logging/37523922#37523922">http://stackoverflow.com/questions/23325389/spring-boot-enable-http-requests-logging/37523922#37523922</a></p>
<p class="">The steps to reproduce it are:</p>
<p class="">1- Boot the three projects</p>
<p class="">2- Wait till the two services are
registered in Eureka and navigate to
localhost:8765/secured-service/path</p>
<p class="">3- After logging in to Keycloak, the port
changes to 8083<br class="">
</p>
<p class="">I'll continue struggling and see if I can
figure it out myself.</p>
<p class="">Regards<br class="">
</p>
<br class="">
<div class="moz-cite-prefix">On 31/05/2016 at 22:56,
Scott Rossillo wrote:<br class="">
</div>
<blockquote
cite="mid:11921D36-82CD-4B90-8E65-4C3209D5DE52@smartling.com"
type="cite" class="">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8" class="">
Hi Aritz,
<div class=""><br class="">
</div>
<div class="">If you’re using the Tomcat adapter and
Spring Security adapter together, they may be
interfering with each other. I’m not saying this
is the problem you’re having but I’d avoid using
both adapters together.</div>
<div class=""><br class="">
</div>
<div class="">Please also take a look at this Stack
Overflow answer[0] related to redirect issues. If
none of this helps I’ll try to debug with Eureka
and Zuul.</div>
<div class=""><br class="">
</div>
<div class="">[0]: <a moz-do-not-send="true"
href="http://stackoverflow.com/questions/33543672/keycloak-redirects-me-to-my-index-url-instead-of-to-the-requested-one?answertab=votes#tab-top"
class="">http://stackoverflow.com/questions/33543672/keycloak-redirects-me-to-my-index-url-instead-of-to-the-requested-one?answertab=votes#tab-top</a></div>
<div class=""><br class="">
<div class="">
<div style="letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; word-wrap:
break-word; -webkit-nbsp-mode: space;
-webkit-line-break: after-white-space;"
class="">
<div style="font-family: Helvetica; font-size:
12px; font-style: normal;
font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-caps: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start;
text-indent: 0px; text-transform: none;
white-space: normal; widows: auto;
word-spacing: 0px;
-webkit-text-stroke-width: 0px;" class="">Scott
Rossillo</div>
<div style="font-family: Helvetica; font-size:
12px; font-style: normal;
font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-caps: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start;
text-indent: 0px; text-transform: none;
white-space: normal; widows: auto;
word-spacing: 0px;
-webkit-text-stroke-width: 0px;" class="">Smartling
| Senior Software Engineer</div>
<div style="font-family: Helvetica; font-size:
12px; font-style: normal;
font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-caps: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start;
text-indent: 0px; text-transform: none;
white-space: normal; widows: auto;
word-spacing: 0px;
-webkit-text-stroke-width: 0px;" class=""><a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:srossillo@smartling.com">srossillo@smartling.com</a></div>
<div style="font-family: Helvetica; font-size:
12px; font-style: normal;
font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-caps: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start;
text-indent: 0px; text-transform: none;
white-space: normal; widows: auto;
word-spacing: 0px;
-webkit-text-stroke-width: 0px;" class=""> </div>
</div>
</div>
<br class="">
<div class="">
<blockquote type="cite" class="">
<div class="">On May 31, 2016, at 4:00 PM,
Aritz Maeztu &lt;<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:amaeztu@tesicnor.com">amaeztu@tesicnor.com</a>&gt;
wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta content="text/html; charset=utf-8"
http-equiv="Content-Type" class="">
<div bgcolor="#FFFFFF" text="#000000"
class="">
<p class="">Hello Scott,</p>
<p class="">I've got the spring security
and tomcat keycloak adapters both as a
project dependency for each service (as
I'm running the services in Tomcat 8
embedded servers). Basically I want to
base my security in Spring Security,
that's why I chose this adapter over the
Spring Boot adapter.</p>
<p class="">As the behaviour states, a
redirection is made first to the
/sso/login endpoint, then another one to
the keycloak authorization server. The
question is, as a redirection is a mere
instruction from the server to
the browser, what chance do I have to
send the original x-forwarded headers to
the keycloak authorization server, so
that it can make the redirection to the
url requested at the very beginning (to
the reverse proxy)?</p>
<p class="">I could implement a playground
scenario for you if you happen to
require it.</p>
<p class="">Many thanks<br class="">
</p>
<br class="">
<div class="moz-cite-prefix">On 31/05/2016
at 20:14, Scott Rossillo
wrote:<br class="">
</div>
<blockquote
cite="mid:D8C74651-F010-49A7-92AF-3A771D68C560@smartling.com"
type="cite" class="">
<meta http-equiv="Content-Type"
content="text/html; charset=utf-8"
class="">
Hi Aritz,
<div class=""><br class="">
</div>
<div class="">So just to be clear, which
Keycloak adapter are you using? The
Spring Boot Adapter or the Spring
Security Adapter?</div>
<div class=""><br class="">
<div class="">
<div style="letter-spacing: normal;
orphans: auto; text-align: start;
text-indent: 0px; text-transform:
none; white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;
word-wrap: break-word;
-webkit-nbsp-mode: space;
-webkit-line-break:
after-white-space;" class="">
<div style="font-family:
Helvetica; font-size: 12px;
font-style: normal;
font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-caps: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;"
class="">Scott Rossillo</div>
<div style="font-family:
Helvetica; font-size: 12px;
font-style: normal;
font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-caps: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;"
class="">Smartling | Senior
Software Engineer</div>
<div style="font-family:
Helvetica; font-size: 12px;
font-style: normal;
font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-caps: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;"
class=""><a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:srossillo@smartling.com">srossillo@smartling.com</a></div>
<div style="font-family:
Helvetica; font-size: 12px;
font-style: normal;
font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-caps: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
font-weight: normal;
letter-spacing: normal; orphans:
auto; text-align: start;
text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;"
class=""> </div>
</div>
</div>
<br class="">
<div class="">
<blockquote type="cite" class="">
<div class="">On May 31, 2016, at
3:13 AM, Aritz Maeztu &lt;<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:amaeztu@tesicnor.com">amaeztu@tesicnor.com</a>&gt; wrote:</div>
<br
class="Apple-interchange-newline">
<div class="">
<p style="font-family:
Helvetica; font-size: 12px;
font-style: normal;
font-variant-caps: normal;
font-weight: normal;
letter-spacing: normal;
orphans: auto; text-align:
start; text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width:
0px; background-color:
rgb(255, 255, 255);" class="">I've
got some Spring Boot
application instances with
embedded Tomcat servlet
containers. Tomcat has a
similar system to Wildfly for
request dumping, that's what
I have enabled for getting the
trace below. In short,
that's the behaviour I'm able
to see:<span
class="Apple-converted-space"> </span><br
class="">
</p>
<p style="font-family:
Helvetica; font-size: 12px;
font-style: normal;
font-variant-caps: normal;
font-weight: normal;
letter-spacing: normal;
orphans: auto; text-align:
start; text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width:
0px; background-color:
rgb(255, 255, 255);" class="">1.
Zuul Proxy (Spring Boot in
Tomcat) -> Organization
Service (8083 port) : A
forward request where
X-forwarded headers are
included</p>
<p style="font-family:
Helvetica; font-size: 12px;
font-style: normal;
font-variant-caps: normal;
font-weight: normal;
letter-spacing: normal;
orphans: auto; text-align:
start; text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width:
0px; background-color:
rgb(255, 255, 255);" class="">2.
Organization Service
(localhost:8083) : Looks for a
token and if it's not
available, the keycloak
adapter redirects to the
/sso/login of the same service
(Here the traceability from
the proxy gets lost)</p>
<p style="font-family:
Helvetica; font-size: 12px;
font-style: normal;
font-variant-caps: normal;
font-weight: normal;
letter-spacing: normal;
orphans: auto; text-align:
start; text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width:
0px; background-color:
rgb(255, 255, 255);" class="">3.
localhost:8083/sso/login:
Redirects to the keycloak
wildfly server, saving the
requested url<span
class="Apple-converted-space"> </span><br
class="">
</p>
<p style="font-family:
Helvetica; font-size: 12px;
font-style: normal;
font-variant-caps: normal;
font-weight: normal;
letter-spacing: normal;
orphans: auto; text-align:
start; text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width:
0px; background-color:
rgb(255, 255, 255);" class="">4.
Keycloak login: The user
performs the authentication
and the redirectUri is
localhost:8083/sso/login.
Later on, the login endpoint
redirects the user to the url
requested in point 2, not the
first one from the proxy.</p>
<p style="font-family:
Helvetica; font-size: 12px;
font-style: normal;
font-variant-caps: normal;
font-weight: normal;
letter-spacing: normal;
orphans: auto; text-align:
start; text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width:
0px; background-color:
rgb(255, 255, 255);" class="">I
only have this problem when my
organization service needs to
verify the token (or a token
doesn't exist) using the
keycloak adapter. When the
/sso/login endpoint is not
requested, everything is
working properly. Hope I've
explained it well!<br class="">
</p>
<br style="font-family:
Helvetica; font-size: 12px;
font-style: normal;
font-variant-caps: normal;
font-weight: normal;
letter-spacing: normal;
orphans: auto; text-align:
start; text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width:
0px; background-color:
rgb(255, 255, 255);" class="">
<div class="moz-cite-prefix"
style="font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-caps:
normal; font-weight: normal;
letter-spacing: normal;
orphans: auto; text-align:
start; text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width:
0px; background-color:
rgb(255, 255, 255);">On 31/05/2016
at 7:15, Stian Thorgersen
wrote:<br
class="">
</div>
<blockquote
cite="mid:CAJgngAfQUcz1hJwqkpOgr3j9DCxfxdgc_iA73Coyfc7j1EnLJQ@mail.gmail.com"
type="cite"
style="font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-caps:
normal; font-weight: normal;
letter-spacing: normal;
orphans: auto; text-align:
start; text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width:
0px; background-color:
rgb(255, 255, 255);" class="">
<div dir="ltr" class="">Where
is your app deployed? If
it's on WildFly you can
follow the same steps used
to configure reverse proxy
for Keycloak Server to
configure WildFly. Check if
getRequestURL returns the
correct URL in your app.</div>
<div class="gmail_extra"><br
class="">
<div class="gmail_quote">On
30 May 2016 at 15:08,
Aritz Maeztu<span
class="Apple-converted-space"> </span><span
dir="ltr" class="">&lt;<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated" href="mailto:amaeztu@tesicnor.com">amaeztu@tesicnor.com</a>&gt;</span><span
class="Apple-converted-space"> </span>wrote:<br class="">
<blockquote
class="gmail_quote"
style="margin: 0px 0px
0px 0.8ex;
border-left-width: 1px;
border-left-color:
rgb(204, 204, 204);
border-left-style:
solid; padding-left:
1ex;">
<div bgcolor="#FFFFFF"
text="#000000"
class="">
<p class=""><br
class="">
</p>
<div class=""><br
class="">
<br class="">
--------
Forwarded message
--------
<table class=""
border="0"
cellpadding="0"
cellspacing="0">
<tbody class="">
<tr class="">
<th class=""
align="RIGHT"
nowrap="nowrap" valign="BASELINE">Subject:</th>
<td class="">Re:
[keycloak-user] Redirection issue with proxy behind keycloak</td>
</tr>
<tr class="">
<th class=""
align="RIGHT"
nowrap="nowrap" valign="BASELINE">Date:</th>
<td class="">Mon,
30 May 2016
13:28:21 +0200</td>
</tr>
<tr class="">
<th class=""
align="RIGHT"
nowrap="nowrap" valign="BASELINE">From:</th>
<td class="">Aritz
Maeztu<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true" class="moz-txt-link-rfc2396E"
href="mailto:amaeztu@tesicnor.com">&lt;amaeztu@tesicnor.com&gt;</a></td>
</tr>
<tr class="">
<th class=""
align="RIGHT"
nowrap="nowrap" valign="BASELINE">To:</th>
<td class=""><a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:stian@redhat.com">stian@redhat.com</a></td>
</tr>
<tr class="">
<th class=""
align="RIGHT"
nowrap="nowrap" valign="BASELINE">CC:</th>
<td class="">Niels
Bertram<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true" class="moz-txt-link-rfc2396E"
href="mailto:nielsbne@gmail.com">&lt;nielsbne@gmail.com&gt;</a>,
keycloak-user<span
class="Apple-converted-space"> </span><a moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:keycloak-user@lists.jboss.org">&lt;keycloak-user@lists.jboss.org&gt;</a>,
Scott Rossillo<span
class="Apple-converted-space"> </span><a moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:srossillo@smartling.com">&lt;srossillo@smartling.com&gt;</a></td>
</tr>
</tbody>
</table>
<div class="">
<div class="h5"><br
class="">
<br class="">
<p class="">I've
done all the
traceability
from the proxy
server till
the login page
is displayed:</p>
<p class="">First
step,
/organization/organizations
is requested,
so the proxy
server knows
it has to be
forwarded to
the 8083 port
(the one for
the
organization
service).
That's the
first request
received by my
application's
Tomcat:</p>
<p class=""><font
class=""
face="Courier
New" size="-2">2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
START
TIME
=30-may-2016
13:01:18<br
class="">
2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
requestURI=/organizations<br class="">
2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
authType=null<br
class="">
2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
characterEncoding=UTF-8<br class="">
2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
contentLength=-1<br class="">
2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
contentType=null<br class="">
2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
contextPath=<br
class="">
2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=accept-language=es-ES,es;q=0.8<br class="">
2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=x-forwarded-host=mies-057:8765<br class="">
2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=x-forwarded-prefix=/organization<br class="">
2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=upgrade-insecure-requests=1<br class="">
2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=accept-encoding=gzip<br class="">
2016-05-30
13:01:18.888
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8<br
class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=user-agent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
(KHTML, like
Gecko)
Chrome/50.0.2661.102
Safari/537.36<br
class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=netflix.nfhttpclient.version=1.0<br class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=x-netflix-httpclientname=organization<br class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=host=mies-057:8083<br class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=connection=Keep-Alive<br class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
locale=es_ES<br
class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
method=GET<br
class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
pathInfo=null<br
class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
protocol=HTTP/1.1<br class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
queryString=null<br class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
remoteAddr=192.168.56.1<br class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
remoteHost=192.168.56.1<br class="">
2016-05-30
13:01:18.889
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
remoteUser=null<br class="">
2016-05-30
13:01:18.890
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
requestedSessionId=null<br class="">
2016-05-30
13:01:18.890
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
scheme=http<br
class="">
2016-05-30
13:01:18.890
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
serverName=mies-057<br class="">
2016-05-30
13:01:18.890
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
serverPort=8083<br class="">
2016-05-30
13:01:18.890
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
servletPath=/organizations<br class="">
2016-05-30
13:01:18.891
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
isSecure=false<br
class="">
2016-05-30
13:01:18.891
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
------------------=--------------------------------------------</font></p>
<p class="">Here
x-forwarded-host is mies-057:8765 (the proxy server) and
x-forwarded-prefix
is
/organization.
So the
original
request is
kept in the
headers. Well,
now my service
(8083) tries
to check for
authorization
via the
/sso/login
endpoint from
the keycloak
spring
security
adapter:<br
class="">
</p>
<p class=""><font
class=""
face="Courier
New" size="-2">2016-05-30
13:01:18.892
DEBUG 18096
---
[nio-8083-exec-9]
o.k.a.s.management.HttpSessionManager : Session created:
CDCA7AD4439DE94BD0B3B5803DAA0752<br
class="">
2016-05-30
13:01:18.892
DEBUG 18096
---
[nio-8083-exec-9]
k.a.s.a.KeycloakAuthenticationEntryPoint : Redirecting to login URI
/sso/login<br
class="">
2016-05-30
13:01:18.892
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
------------------=--------------------------------------------<br
class="">
2016-05-30
13:01:18.892
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
authType=null<br
class="">
2016-05-30
13:01:18.892
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
contentType=null<br class="">
2016-05-30
13:01:18.892
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=X-Content-Type-Options=nosniff<br class="">
2016-05-30
13:01:18.892
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=X-XSS-Protection=1; mode=block<br class="">
2016-05-30
13:01:18.892
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=Cache-Control=no-cache, no-store, max-age=0, must-revalidate<br
class="">
2016-05-30
13:01:18.892
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=Pragma=no-cache<br class="">
2016-05-30
13:01:18.892
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=Expires=0<br class="">
2016-05-30
13:01:18.893
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=X-Frame-Options=DENY<br class="">
2016-05-30
13:01:18.893
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=Set-Cookie=JSESSIONID=CDCA7AD4439DE94BD0B3B5803DAA0752; Path=/;
HttpOnly<br
class="">
2016-05-30
13:01:18.893
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
header=Location=<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://mies-057:8083/sso/login">http://mies-057:8083/sso/login</a><br
class="">
2016-05-30
13:01:18.893
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
remoteUser=null<br class="">
2016-05-30
13:01:18.893
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
status=302<br
class="">
2016-05-30
13:01:18.893
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
END
TIME
=30-may-2016
13:01:18<br
class="">
2016-05-30
13:01:18.893
INFO 18096 ---
[nio-8083-exec-9] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-9
===============================================================<br
class="">
2016-05-30
13:01:18.902
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
START
TIME
=30-may-2016
13:01:18<br
class="">
2016-05-30
13:01:18.902
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
requestURI=/sso/login<br class="">
2016-05-30
13:01:18.902
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
authType=null<br
class="">
2016-05-30
13:01:18.902
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
characterEncoding=UTF-8<br class="">
2016-05-30
13:01:18.902
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
contentLength=-1<br class="">
2016-05-30
13:01:18.902
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
contentType=null<br class="">
2016-05-30
13:01:18.902
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
contextPath=<br
class="">
2016-05-30
13:01:18.902
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
cookie=JSESSIONID=CDCA7AD4439DE94BD0B3B5803DAA0752<br class="">
2016-05-30
13:01:18.902
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
header=host=mies-057:8083<br class="">
2016-05-30
13:01:18.903
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
header=connection=keep-alive<br class="">
2016-05-30
13:01:18.903
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
header=accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8<br
class="">
2016-05-30
13:01:18.903
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
header=upgrade-insecure-requests=1<br class="">
2016-05-30
13:01:18.903
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
header=user-agent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
(KHTML, like
Gecko)
Chrome/50.0.2661.102
Safari/537.36<br
class="">
2016-05-30
13:01:18.903
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
header=accept-encoding=gzip, deflate, sdch<br class="">
2016-05-30
13:01:18.903
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
header=accept-language=es-ES,es;q=0.8<br class="">
2016-05-30
13:01:18.903
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
header=cookie=JSESSIONID=CDCA7AD4439DE94BD0B3B5803DAA0752<br class="">
2016-05-30
13:01:18.903
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
locale=es_ES<br
class="">
2016-05-30
13:01:18.903
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
method=GET<br
class="">
2016-05-30
13:01:18.903
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
pathInfo=null<br
class="">
2016-05-30
13:01:18.903
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
protocol=HTTP/1.1<br class="">
2016-05-30
13:01:18.904
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
queryString=null<br class="">
2016-05-30
13:01:18.904
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
remoteAddr=192.168.56.1<br class="">
2016-05-30
13:01:18.904
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
remoteHost=192.168.56.1<br class="">
2016-05-30
13:01:18.904
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
remoteUser=null<br class="">
2016-05-30
13:01:18.904
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
requestedSessionId=CDCA7AD4439DE94BD0B3B5803DAA0752<br class="">
2016-05-30
13:01:18.904
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
scheme=http<br
class="">
2016-05-30
13:01:18.904
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
serverName=mies-057<br class="">
2016-05-30
13:01:18.904
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
serverPort=8083<br class="">
2016-05-30
13:01:18.904
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
servletPath=/sso/login<br class="">
2016-05-30
13:01:18.904
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
isSecure=false<br
class="">
2016-05-30
13:01:18.904
INFO 18096 ---
[io-8083-exec-10] o.a.c.filters.RequestDumperFilter :
http-nio-8083-exec-10
------------------=--------------------------------------------<br
class="">
2016-05-30
13:01:18.904
DEBUG 18096
---
[io-8083-exec-10]
o.k.adapters.PreAuthActionsHandler : adminRequest<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://mies-057:8083/sso/login"><a class="moz-txt-link-freetext" href="http://mies-057:8083/sso/login">http://mies-057:8083/sso/login</a></a><br
class="">
2016-05-30
13:01:18.904
DEBUG 18096
---
[io-8083-exec-10]
f.KeycloakAuthenticationProcessingFilter : Request is to process
authentication<br
class="">
2016-05-30
13:01:18.904
DEBUG 18096
---
[io-8083-exec-10]
f.KeycloakAuthenticationProcessingFilter : Attempting Keycloak
authentication<br
class="">
2016-05-30
13:01:18.904
TRACE 18096
---
[io-8083-exec-10]
o.k.adapters.RequestAuthenticator : --> authenticate()<br
class="">
2016-05-30
13:01:18.904
TRACE 18096
---
[io-8083-exec-10]
o.k.adapters.RequestAuthenticator : try bearer<br class="">
2016-05-30
13:01:18.904
TRACE 18096
---
[io-8083-exec-10]
o.k.adapters.RequestAuthenticator : try oauth<br class="">
2016-05-30
13:01:18.905
DEBUG 18096
---
[io-8083-exec-10]
o.k.a.s.token.SpringSecurityTokenStore : Checking if
org.keycloak.adapters.springsecurity.authentication.SpringSecurityRequestAuthenticator@d328c2d
is cached<br
class="">
2016-05-30
13:01:18.905
DEBUG 18096
---
[io-8083-exec-10]
o.k.adapters.OAuthRequestAuthenticator : there was no code<br class="">
2016-05-30
13:01:18.905
DEBUG 18096
---
[io-8083-exec-10]
o.k.adapters.OAuthRequestAuthenticator : redirecting to auth server<br
class="">
2016-05-30
13:01:18.905
DEBUG 18096
---
[io-8083-exec-10]
o.k.adapters.OAuthRequestAuthenticator : callback uri:<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://mies-057:8083/sso/login"><a class="moz-txt-link-freetext" href="http://mies-057:8083/sso/login">http://mies-057:8083/sso/login</a></a><br
class="">
2016-05-30
13:01:18.905
DEBUG 18096
---
[io-8083-exec-10]
f.KeycloakAuthenticationProcessingFilter : Auth outcome: NOT_ATTEMPTED<br
class="">
2016-05-30
13:01:18.905
DEBUG 18096
---
[io-8083-exec-10]
o.k.adapters.OAuthRequestAuthenticator : Sending redirect to login
page:<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://mies-057.tesicnor.com:8080/auth/realms/master/protocol/openid-connect/auth?response_type=code&client_id=organization&redirect_uri=http%3A%2F%2Fmies-057%3A8083%2Fsso%2Flogin&state=1%2F21d709ec-1e69-41c5-ac6d-c705f8ce3907&login=true"><a class="moz-txt-link-freetext" href="http://mies-057.tesicnor.com:8080/auth/realms/master/protocol/openid-connect/auth?response_type=code&client_id=organization&redirect_uri=http%3A%2F%2Fmies-057%3A8083%2Fsso%2Flogin&state=1%2F21d709ec-1e69-41c5-ac6d-c705f8ce3907&login=true">http://mies-057.tesicnor.com:8080/auth/realms/master/protocol/openid-connect/auth?response_type=code&client_id=organization&redirect_uri=http%3A%2F%2Fmies-057%3A8083%2Fsso%2Flogin&state=1%2F21d709ec-1e69-41c5-ac6d-c705f8ce3907&login=true</a></a></font></p>
<p class="">As
it's shown in
the logs, the
X-forwarded
logs are not
kept by the
keycloak
adapter (look
at the lines
below<span
class="Apple-converted-space"> </span><font
class=""
face="Courier
New" size="-2">k.a.s.a.KeycloakAuthenticationEntryPoint
: Redirecting
to login URI
/sso/login</font>).
So could it be
the proxy
server itself
being properly
configured but
the keycloak
adapter losing
the original
headers while
performing the
redirection?</p>
<p class="">I've
also set up
the request
dumper in the
undertow
server as
Niels
suggested, but
obviously,
X-forwarded
headers are
not reaching
the keycloak
server..</p>
<p class="">Thanks
for your time,
again ;-)<br
class="">
</p>
<p class=""><br
class="">
</p>
<br class="">
<div class="">On 25/05/2016 at 7:22, Stian Thorgersen wrote:<br
class="">
</div>
<blockquote
type="cite"
class="">
<div dir="ltr"
class="">You
need the Host
and
X-Forwarded-For
headers to be
included and
there's also
some config to
be done on the
Keycloak
server (see <a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#proxy-address-forwarding"><a class="moz-txt-link-freetext" href="http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#proxy-address-forwarding">http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#proxy-address-forwarding</a></a>)</div>
<div
class="gmail_extra"><br
class="">
<div
class="gmail_quote">On
24 May 2016 at
08:46, Aritz
Maeztu<span
class="Apple-converted-space"> </span><span
dir="ltr"
class=""><<a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:amaeztu@tesicnor.com"><a class="moz-txt-link-abbreviated" href="mailto:amaeztu@tesicnor.com">amaeztu@tesicnor.com</a></a>></span><span
class="Apple-converted-space"> </span>wrote:<br class="">
<blockquote
class="gmail_quote"
style="margin:
0px 0px 0px
0.8ex;
border-left-width:
1px;
border-left-color:
rgb(204, 204,
204);
border-left-style:
solid;
padding-left:
1ex;">
<div
bgcolor="#FFFFFF"
text="#000000"
class="">
<p class="">Hi
Niels and
Scott. First
of all, thank
you very much
for your help.
I'm currently
using Zuul
(Spring Cloud)
as the reverse
proxy. All the
services are
registered in
a discovery
service called
Eureka and
then Zuul
looks for the
service id
there and
performs the
redirection. I
read about<span
class="Apple-converted-space"> </span><font class="" face="monospace,
monospace">X-Forwarded
headers, but I
thought it
might result
in a security
issue if not
included, not
that it could
affect the
redirection
process.<span
class="Apple-converted-space"> </span><br class="">
</font></p>
<p class=""><font
class=""
face="monospace,
monospace">As
Scott says, I
suppose the
Host and the
X-Real-Ip
headers are
the relevant
ones here, so
I guess I
should
instruct Zuul
to send them
when the
service is
addressed
(however I
wonder why
they are not
already being
sent, as Zuul
is a proxy
service, all
in all).</font></p>
Here I include
a preview of
the first
redirection
made to the
keycloak login
page, which
shows the
request
headers sent
to the service
/login
endpoint (at
port 8081 in
localhost):<br
class="">
<br class="">
<a
moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://www.dropbox.com/s/iof9yefytzay6j2/screenshot.PNG?dl=0"><a class="moz-txt-link-freetext" href="https://www.dropbox.com/s/iof9yefytzay6j2/screenshot.PNG?dl=0">https://www.dropbox.com/s/iof9yefytzay6j2/screenshot.PNG?dl=0</a></a><br
class="">
<br class="">
<div class="">On 24/05/2016 at 2:08, Niels Bertram wrote:<br
class="">
</div>
<div class="">
<div class="">
<blockquote
type="cite"
class="">
<div dir="ltr"
class="">Hi
Aritz,
<div class=""><br
class="">
</div>
<div class="">a
great way to
figure out
what is sent
from the
reverse proxy
to your
keycloak
server is to
use the
undertow
request
dumper.
<div class=""><br
class="">
</div>
<div class="">From
the jboss-cli
just add the
request dumper
filter to your
undertow
configuration
like this:</div>
<div class=""><br
class="">
</div>
<div class="">
<div class=""><font
class=""
face="monospace,
monospace">$KC_HOME/bin/jboss-cli.sh -c</font></div>
<div class=""><font
class=""
face="monospace,
monospace"><br
class="">
</font></div>
<div class=""><font
class=""
face="monospace,
monospace">/subsystem=undertow/configuration=filter/custom-filter=request-dumper:add(class-name=io.undertow.server.handlers.RequestDumpingHandler,
module=io.undertow.core)</font></div>
<div class=""><font
class=""
face="monospace,
monospace"><br
class="">
</font></div>
<div class=""><font
class=""
face="monospace,
monospace">/subsystem=undertow/server=default-server/host=default-host/filter-ref=request-dumper:add</font></div>
<div class=""><font
class=""
face="monospace,
monospace"><br
class="">
</font></div>
<div class=""><font
class=""
face="monospace,
monospace">/:reload</font></div>
<div class=""><font
class=""
face="monospace,
monospace"><br
class="">
</font></div>
<div class=""><font
class=""
face="arial,
helvetica,
sans-serif">given
your apache
config looks
something like
this:</font></div>
<div class=""><font
class=""
face="monospace,
monospace"><br
class="">
</font></div>
<div class=""><font
class=""
face="monospace,
monospace"> <span
class="Apple-converted-space"> </span>ProxyRequests Off</font></div>
<div class=""><font
class=""
face="monospace,
monospace"> <span
class="Apple-converted-space"> </span>ProxyPreserveHost On</font></div>
<div class=""><font
class=""
face="monospace,
monospace"> <span
class="Apple-converted-space"> </span>ProxyVia On</font></div>
<div class=""><br
class="">
</div>
<div class=""><font
class=""
face="monospace,
monospace"> <span
class="Apple-converted-space"> </span>ProxyPass /auth ajp://<a
moz-do-not-send="true"
href="http://127.0.0.1:8009/auth" target="_blank" class="">127.0.0.1:8009/auth</a></font></div>
<div class=""><font
class=""
face="monospace,
monospace"> <span
class="Apple-converted-space"> </span>ProxyPassReverse /auth ajp://<a
moz-do-not-send="true"
href="http://127.0.0.1:8009/auth" target="_blank" class="">127.0.0.1:8009/auth</a></font></div>
<div class=""><font
class=""
face="monospace,
monospace"><br
class="">
</font></div>
<div class=""><font
class=""
face="monospace,
monospace"><br
class="">
</font></div>
<div class=""><font
class=""
face="arial,
helvetica,
sans-serif">you
should see
something like
that (forwarded
info is
somewhat
rubbish in
this example
as I am
running the
hosts on
Virtualbox -
but you can
see this
request was
put through 2
proxies from
local pc
192.168.33.1
to haproxy on
192.168.33.80
and then
apache reverse
proxy on
192.168.33.81
):</font></div>
<div class=""><font
class=""
face="arial,
helvetica,
sans-serif"><br
class="">
</font></div>
<div class=""><font
class=""
face="monospace,
monospace">==============================================================</font></div>
<div class=""><font
class=""
face="monospace,
monospace">23:47:20,563
INFO
[io.undertow.request.dump]
(default
task-14)</font></div>
<div class=""><font
class=""
face="monospace,
monospace">----------------------------REQUEST---------------------------</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
URI=/auth/welcome-content/favicon.ico</font></div>
<div class=""><font
class=""
face="monospace,
monospace"> characterEncoding=null</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
contentLength=-1</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
contentType=null</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Accept=*/*</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Accept-Language=en-US,en;q=0.8,de;q=0.6</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Cache-Control=no-cache</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Accept-Encoding=gzip,
deflate, sdch</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=DNT=1</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Pragma=no-cache</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=X-Original-To=192.168.33.80</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=User-Agent=Mozilla/5.0
(Windows NT
6.1; WOW64)
AppleWebKit/537.36
(KHTML, like
Gecko)
Chrome/50.0.2661.102
Safari/537.36</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Authorization=Basic
bmljZSB0cnkgYnV0IGFtIG5vdCBmcm9tIHllc3RlcmRheQo=</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=X-Forwarded-Proto=https</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=X-Forwarded-Port=443</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=X-Forwarded-For=192.168.33.1</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Referer=<a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://login.vagrant.dev/auth/"><a class="moz-txt-link-freetext" href="https://login.vagrant.dev/auth/">https://login.vagrant.dev/auth/</a></a></font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Host=login.vagrant.dev</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>locale=[en_US,
en, de]</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>method=GET</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>protocol=HTTP/1.1</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
queryString=</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>remoteAddr=<a
moz-do-not-send="true" href="http://192.168.33.1:0/" target="_blank"
class="">192.168.33.1:0</a></font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>remoteHost=192.168.33.1</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>scheme=https</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>host=login.vagrant.dev</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>serverPort=443</font></div>
<div class=""><font
class=""
face="monospace,
monospace">--------------------------RESPONSE--------------------------</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
contentLength=627</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
contentType=application/octet-stream</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Cache-Control=max-age=2592000</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=X-Powered-By=Undertow/1</font></div>
<div class=""><font
class=""
face="monospace,
monospace">
<span
class="Apple-converted-space"> </span>header=Server=WildFly/10</font></div>
</div>
<div class=""><br
class="">
</div>
<div class=""><br
class="">
</div>
<div class="">Hope
this helps
diagnosing
your issue.
Niels</div>
</div>
</div>
<div
class="gmail_extra"><br
class="">
<div
class="gmail_quote">On
Tue, May 24,
2016 at 1:20
AM, Aritz
Maeztu<span
class="Apple-converted-space"> </span><span
dir="ltr"
class=""><<a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:amaeztu@tesicnor.com"><a class="moz-txt-link-abbreviated" href="mailto:amaeztu@tesicnor.com">amaeztu@tesicnor.com</a></a>></span><span
class="Apple-converted-space"> </span>wrote:<br class="">
<blockquote
class="gmail_quote"
style="margin:
0px 0px 0px
0.8ex;
border-left-width:
1px;
border-left-color:
rgb(204, 204,
204);
border-left-style:
solid;
padding-left:
1ex;">
<div
bgcolor="#FFFFFF"
text="#000000"
class="">
<p class="">I'm
using keycloak
to secure
some Spring
based services
(with the
keycloak
spring
security
adapter). The
adapter
creates a
`/login`
endpoint in
each of the
services which
redirects to
the keycloak
login page and
then redirects
back to the
service when
authentication
is done. I
also have a
proxy service
which I want
to publish in
the 80 port
and will take
care of
routing all
the requests
to each
service. The
proxy performs
a plain
FORWARD to the
service, but
the problem
comes when I
secure the
service with
the keycloak
adapter.<span
class="Apple-converted-space"> </span><br class="">
</p>
<p class="">When
I make a
request, the
adapter
redirects to
its login
endpoint and
then to the
keycloak auth
url. When
keycloak sends
the
redirection,
the url shown
in the browser
is the one
from the
service and
not the one
from the
proxy. Do I
have some
choice to tell
the adapter I
want to
redirect back
to the first
requested url?<span
class=""><font
class=""
color="#888888"><br
class="">
</font></span></p>
<span class=""><font
class=""
color="#888888"><br
class="">
<div class="">--<span
class="Apple-converted-space"> </span><br class="">
<div class="">
<table
style="width:
600px;
border-collapse:
collapse;"
class="">
<tbody
class="">
<tr class="">
<td
style="border-bottom-width:
1px;
border-bottom-style:
solid;
border-bottom-color:
rgb(152, 152,
152);"
class=""><span
style="font-weight: bold;" class="">Aritz Maeztu Otaño</span><br
class="">
<span
style="font-size:
12px;"
class="">Software Development Department</span></td>
<td
style="border-bottom-width:
1px;
border-bottom-style:
solid;
border-bottom-color:
rgb(152, 152,
152);
padding-left:
20px;"
class=""><a
moz-do-not-send="true"
href="https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES"
target="_blank" class=""><span
id="cid:part19.56DB68FA.497140B7@tesicnor.com"
class=""><Mail
Attachment.gif></span></a></td>
</tr>
<tr class="">
<td class=""><a
moz-do-not-send="true" href="http://www.tesicnor.com/" target="_blank"
class=""><span
id="cid:part21.58E351AA.F2ED0CD9@tesicnor.com" class=""><Mail
Attachment.png></span></a></td>
<td
style="font-size:
12px;"
class="">
<p
style="padding-left:
20px;"
class=""><span
class="">Pol.
Ind. Mocholi.</span><span
class="Apple-converted-space"> </span><span class="">C/Rio Elorz, Nave
13E<span
class="Apple-converted-space"> </span></span><span
style="font-weight: bold;" class="">31110 Noain (Navarra)</span><br
class="">
<span class="">Telf.:
948 21 40 40</span><span
class="Apple-converted-space"> </span><br class="">
<span class="">Fax.:
948 21 40 41</span><span
class="Apple-converted-space"> </span><br class="">
</p>
</td>
</tr>
<tr class="">
<td
colspan="2"
class=""><span
style="color:
rgb(0, 153,
0); font-size:
12px;"
class="">Before printing this e-mail, consider carefully whether it is necessary: the environment is everyone's responsibility.</span></td>
</tr>
</tbody>
</table>
</div>
</div>
</font></span></div>
<br class="">
_______________________________________________<br class="">
keycloak-user
mailing list<br
class="">
<a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:keycloak-user@lists.jboss.org"><a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a></a><br
class="">
<a
moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"><a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></a><br
class="">
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<br class="">
</div>
</div>
</div>
<br class="">
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<br class="">
</div>
</div>
</div>
</div>
<br class="">
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<br style="font-family:
Helvetica; font-size: 12px;
font-style: normal;
font-variant-caps: normal;
font-weight: normal;
letter-spacing: normal;
orphans: auto; text-align:
start; text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width:
0px; background-color:
rgb(255, 255, 255);" class="">
<div class="moz-signature"
style="font-family: Helvetica;
font-size: 12px; font-style:
normal; font-variant-caps:
normal; font-weight: normal;
letter-spacing: normal;
orphans: auto; text-align:
start; text-indent: 0px;
text-transform: none;
white-space: normal; widows:
auto; word-spacing: 0px;
-webkit-text-stroke-width:
0px; background-color:
rgb(255, 255, 255);">--<span
class="Apple-converted-space"> </span><br
class="">
<div class="moz-signature">
<table style="width: 600px;
border-collapse:
collapse;" class="">
<tbody class="">
<tr class="">
<td
style="border-bottom-width:
1px;
border-bottom-style:
solid;
border-bottom-color:
rgb(152, 152, 152);"
class=""><span
style="font-weight:
bold;" class="">Aritz
Maeztu Otaño</span><br
class="">
<span
style="font-size:
12px;" class="">Departamento
Desarrollo de
Software</span></td>
<td
style="border-bottom-width:
1px;
border-bottom-style:
solid;
border-bottom-color:
rgb(152, 152, 152);
padding-left: 20px;"
class=""><a
moz-do-not-send="true"
target="_blank"
href="https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES"
class=""><span
id="cid:part37.F59A5EDB.10D112D3@tesicnor.com"
class=""><linkdin.gif></span></a></td>
</tr>
<tr class="">
<td class=""><a
moz-do-not-send="true"
target="_blank"
href="http://www.tesicnor.com/"
class=""><span
id="cid:part39.C21A5AC2.3618B928@tesicnor.com"
class=""><logo.png></span></a></td>
<td style="font-size:
12px;" class="">
<p
style="padding-left:
20px;" class=""><span
class="">Pol.
Ind. Mocholi.</span><span
class="Apple-converted-space"> </span><span class="">C/Rio Elorz, Nave
13E<span
class="Apple-converted-space"> </span></span><span
style="font-weight: bold;" class="">31110 Noain (Navarra)</span><br
class="">
<span class="">Tel.:
948 21 40 40</span><span
class="Apple-converted-space"> </span><br class="">
<span class="">Fax.:
948 21 40 41</span><span
class="Apple-converted-space"> </span><br class="">
</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</blockquote>
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</blockquote>
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<br>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<div class="moz-signature">
<table style="cellspadding: 0; width: 600; align: left;
border-collapse: collapse;">
<tbody>
<tr>
<td style="border-bottom-width: 1px; border-bottom-style:
solid; border-bottom-color: #989898;"> <span
style="font-weight:bold">Aritz Maeztu Otaño</span><br>
<span style="font-size: 12px;">Software Development
Department</span> </td>
<td style="border-bottom-width: 1px; border-bottom-style:
solid; border-bottom-color: #989898; padding-left:
20px;"> <a target="_blank"
href="https://www.linkedin.com/in/aritz-maeztu-ota%C3%B1o-65891942">
<img src="cid:part57.341A2155.5F5D0E93@tesicnor.com"
border="0"> </a> </td>
</tr>
<tr>
<td> <a target="_blank" href="http://www.tesicnor.com"> <img
shrinktofit="true"
src="cid:part59.8FB86376.924FEACE@tesicnor.com"
border="0" width="143"> </a> </td>
<td style="font-size: 12px;">
<p style="padding-left: 20px;"> <span>Pol. Ind.
Mocholi.</span> <span>C/Rio Elorz, Nave 13E </span><span
style="font-weight:bold">31110 Noain (Navarra)</span><br>
<span>Tel. Aritz Maeztu: 948 68 03 06</span> <br>
<span>Tel. Secretary's office: 948 21 40 40</span> <br>
</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</body>
</html>