<div dir="ltr">To solve the redirect-uri issue I spun up a local instance of Keycloak, exported the realm configuration with redirectUris added for my URL (example: <a href="https://testkeycloak.hi/*">https://testkeycloak.hi/*</a>). <div><br></div><div>I added redirect URIs for the following client IDs: client, master-realm, and security-admin-console. After I imported the configuration to my test instance I could not log in, so I had to run <span style="color:inherit;font-family:consolas,'liberation mono',menlo,courier,monospace;font-size:0.85em;line-height:inherit;white-space:pre;letter-spacing:0.2px;background-color:initial">add-user-keycloak.sh -r master -u admin -p pw</span> <font face="consolas, liberation mono, menlo, courier, monospace"><span style="font-size:11.05px;letter-spacing:0.2px;white-space:pre">(<a href="https://keycloak.gitbooks.io/server-adminstration-guide/content/v/2.0/topics/initialization.html">https://keycloak.gitbooks.io/server-adminstration-guide/content/v/2.0/topics/initialization.html</a>) </span></font></div><div><br></div><div>This allowed me to log in, but I have another issue: I do not see any of the configuration options available for the master realm (it's just a white screen) with the Keycloak header, pictured below.<br><br><br><img src="cid:ii_1562280a2c69dba7" alt="Inline image 1" width="563" height="164"><br></div><div><br></div><div>I checked the dev console in Chrome and didn't see any loads failing, and the account management screen seems to work properly. </div><div><br></div><div>As a few other tests I ran nc -l 8080 and made sure my headers were being sent properly, which is the case. 
</div><pre>X-Real-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded-Proto: https</pre><div><br></div><div><b>Nginx</b>: </div><div>My nginx configuration looks like this:</div><div><br></div><pre># Redirect plain HTTP to HTTPS
server {
    listen 80;
    server_name keycloak_testing.leveldatadevelopment.com;
    return 301 https://$host$request_uri;
}

# Terminate TLS here and proxy to Keycloak over plain HTTP
server {
    listen 443 ssl;
    server_name keycloak_testing.leveldatadevelopment.com;

    ssl_certificate /etc/nginx/ssl/star.blah.com.crt;
    ssl_certificate_key /etc/nginx/ssl/star.blah.com.key;

    location / {
        # Host header sent upstream includes the listener port
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect http:// https://;

        proxy_pass http://172.123.123.184:8080;
    }
}</pre><div><br></div><div><b>Keycloak</b>:</div><div><br></div><div>I'm running Keycloak with this command: bin/standalone.sh -b 0.0.0.0</div><div><br></div><div>standalone.xml - <a href="https://gist.github.com/visch/c9025bfc108f7c597cd1e4e263c02359">https://gist.github.com/visch/c9025bfc108f7c597cd1e4e263c02359</a></div><div><br></div><div>master-realm.json (exported) - <a href="https://gist.github.com/visch/889db21ca9efa4bcb9e1bf9f783b5602">https://gist.github.com/visch/889db21ca9efa4bcb9e1bf9f783b5602</a></div><div><br></div><div>Does anyone have any ideas for other things I should try?</div><div><br></div><div>I think <a
href="https://issues.jboss.org/browse/KEYCLOAK-3283">https://issues.jboss.org/browse/KEYCLOAK-3283</a> is a similar issue, but I could be wrong.</div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jul 21, 2016 at 5:21 PM, Derek Visch <span dir="ltr"><<a href="mailto:derek.visch@gmail.com" target="_blank">derek.visch@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Trying to set up reverse SSL for Keycloak. Having issues finding documentation about this; it's mentioned in <a href="https://keycloak.gitbooks.io/server-installation-and-configuration/content/v/2.0/topics/network/https.html" target="_blank">https://keycloak.gitbooks.io/server-installation-and-configuration/content/v/2.0/topics/network/https.html</a> but the extra detail that's supposed to be in <a href="https://keycloak.gitbooks.io/server-adminstration-guide/content/" target="_blank">https://keycloak.gitbooks.io/server-adminstration-guide/content/</a> I could not find in regard to reverse SSL proxies.<div><br></div><div>Regardless, I ended up following <a href="http://lists.jboss.org/pipermail/keycloak-user/2014-June/000453.html" target="_blank">http://lists.jboss.org/pipermail/keycloak-user/2014-June/000453.html</a> </div><div><br></div><div>From that previous mailing list post:<br><br></div><div><pre style="color:rgb(0,0,0)">Follow the documentation for your web server to enable SSL and configure reverse proxy for Keycloak. It is important that you make sure the web server sets the X-Forwarded-For and X-Forwarded-Proto headers on the requests made to Keycloak. Next you need to enable proxy-address-forwarding on the Keycloak http connector. Assuming that your reverse proxy doesn't use port 8443 for SSL you also need to configure what port http traffic is redirected to. This is done by editing standalone/configuration/standalone.xml.
First add proxy-address-forwarding and redirect-socket to the http-listener element:
<subsystem xmlns="urn:jboss:domain:undertow:1.1">
...
<http-listener name="default" socket-binding="http" proxy-address-forwarding="true" redirect-socket="proxy-https"/>
...
</subsystem>
Then add a new socket-binding element to the socket-binding-group element:
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
...
<socket-binding name="proxy-https" port="443"/>
...
</socket-binding-group></pre></div><div><br></div><div><br></div><div>but now when I go to log on to the admin console I get "We're sorry ... Invalid aparameter: redirect uri". </div><div><br></div><div><br></div><div><br></div><div>Tried Stack Overflow / Google / IRC. No luck so far. </div><div><br></div><div>Any help would be appreciated :D</div><div><br></div><div>Thanks</div><div><br></div><div><br><div data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"></div></div></div></div>
</div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><p style="color:rgb(0,0,0);font-family:'Times New Roman';font-size:medium"><b>Derek Visch</b> / Software Developer / Network Technician <br><a href="mailto:bipema@leveldata.com" target="_blank">dvisch@leveldata.com</a> / Direct: 269-488-2037</p><p style="color:rgb(0,0,0);font-family:'Times New Roman';font-size:medium"><b>Level Data Inc.</b> <br>Office: 866.511.3282 <br>4787 Campus Dr. | Kalamazoo, MI 49008 <br><a href="http://www.leveldata.com/" target="_blank">http://www.leveldata.com</a></p></div></div></div></div>
</div>
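Added example, not part of the original message and not Keycloak's own code: a simplified model of the check behind the redirect-URI error in this thread. It rebuilds the external URL from the headers a capture such as `nc -l 8080` shows and compares it with the registered pattern from the post. Assumptions: the host name is taken from the post's example pattern, the admin console path and the matching rule (exact match or trailing `*`) are modelled here, and nothing is asserted about how Keycloak normalizes a default port.

```python
# Added example: simplified model, not Keycloak's own matching code.
REGISTERED = ["https://testkeycloak.hi/*"]           # pattern from the post
CONSOLE_PATH = "/auth/admin/master/console/"         # assumed admin console path


def sample_capture(host, proto=None):
    """Constructed request, shaped like what `nc -l 8080` would show."""
    lines = ["GET /auth/admin/ HTTP/1.0", f"Host: {host}",
             "X-Real-IP: 127.0.0.1", "X-Forwarded-For: 127.0.0.1"]
    if proto:
        lines.append(f"X-Forwarded-Proto: {proto}")
    return "\r\n".join(lines) + "\r\n\r\n"


def parse_headers(raw):
    """Header fields of a raw HTTP/1.x request, names lower-cased."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:                # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def external_origin(headers):
    """Origin a backend that trusts the proxy headers builds its URLs from."""
    scheme = headers.get("x-forwarded-proto", "http")  # no header: plain http
    return f"{scheme}://{headers['host']}"


def redirect_allowed(uri, patterns):
    """Exact match, or prefix match when the pattern ends in '*'."""
    return any(uri.startswith(p[:-1]) if p.endswith("*") else uri == p
               for p in patterns)


def check(raw, patterns=REGISTERED, path=CONSOLE_PATH):
    """Return (redirect URI the backend would generate, whether it matches)."""
    uri = external_origin(parse_headers(raw)) + path
    return uri, redirect_allowed(uri, patterns)


if __name__ == "__main__":
    for host, proto in [("testkeycloak.hi", "https"),
                        ("testkeycloak.hi:443", "https"),  # Host $host:$server_port
                        ("testkeycloak.hi", None)]:        # proto not forwarded
        print(check(sample_capture(host, proto)))
```

In this model only the first capture matches the registered pattern; the second differs by the explicit `:443` in the Host header and the third by the `http` scheme.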