<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<meta name="Generator" content="Microsoft Word 15 (filtered medium)">

<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}

o\:* {behavior:url(#default#VML);}

w\:* {behavior:url(#default#VML);}

.shape {behavior:url(#default#VML);}

</style><![endif]--><style><!--

/* Font Definitions */

@font-face

        {font-family:"Cambria Math";

        panose-1:2 4 5 3 5 4 6 3 2 4;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

@font-face

        {font-family:Verdana;

        panose-1:2 11 6 4 3 5 4 4 2 4;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0in;

        margin-bottom:.0001pt;

        font-size:12.0pt;

        font-family:"Times New Roman",serif;}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {mso-style-priority:99;

        color:purple;

        text-decoration:underline;}

span.EmailStyle17

        {mso-style-type:personal-reply;

        font-family:"Calibri",sans-serif;

        color:#1F497D;}

.MsoChpDefault

        {mso-style-type:export-only;

        font-size:10.0pt;

        font-family:"Calibri",sans-serif;}

@page WordSection1

        {size:8.5in 11.0in;

        margin:1.0in 1.0in 1.0in 1.0in;}

div.WordSection1

        {page:WordSection1;}

--></style><!--[if gte mso 9]><xml>

<o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

<o:shapelayout v:ext="edit">

<o:idmap v:ext="edit" data="1" />

</o:shapelayout></xml><![endif]-->

</head>

<body lang="EN-US" link="blue" vlink="purple">

<div class="WordSection1">

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Hello,<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Finally we upgraded to Keycloak 2.1.0.Final. We have configured Apache httpd proxy in front of the server. We configured keycloak server according to

<a href="https://keycloak.gitbooks.io/server-installation-and-configuration/content/topics/clustering/load-balancer.html">

https://keycloak.gitbooks.io/server-installation-and-configuration/content/topics/clustering/load-balancer.html</a>.&nbsp;

<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">The configuration is still not complete/correct, probably I missed something. When I access proxied url for either of our configured realms I got unproxied auth-server-url:<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">[localuser@machine01:~/keycloak]$ curl -s http://lb.our.domain/auth/admin/governance/console/config | python -m json.tool<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">{<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">&nbsp;&nbsp;&nbsp; &quot;auth-server-url&quot;: &quot;http://machine01.our.domain:8081/auth&quot;,<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">&nbsp;&nbsp;&nbsp; &quot;public-client&quot;: true,<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">&nbsp;&nbsp;&nbsp; &quot;realm&quot;: &quot;governance&quot;,<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">&nbsp;&nbsp;&nbsp; &quot;realm-public-key&quot;: &quot;MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv&#43;5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo&#43;n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB&quot;,<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">&nbsp;&nbsp;&nbsp; &quot;resource&quot;: &quot;security-admin-console&quot;,<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">&nbsp;&nbsp;&nbsp; &quot;ssl-required&quot;: &quot;external&quot;<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">}<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">[localuser@machine01:~/keycloak]$ curl -s http://lb.our.domain/auth/admin/master/console/config | python -m json.tool<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">{<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">&nbsp;&nbsp;&nbsp; &quot;auth-server-url&quot;: &quot;http://machine01.our.domain:8081/auth&quot;,<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">&nbsp;&nbsp;&nbsp; &quot;public-client&quot;: true,<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">&nbsp;&nbsp;&nbsp; &quot;realm&quot;: &quot;master&quot;,<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">&nbsp;&nbsp;&nbsp; &quot;realm-public-key&quot;: &quot;MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJYkLAIk&#43;/lkVQFcKtKKFG7/n9B5m7kBcExUg3VqbbbZZy3NUmfzRyQeKMw9TdFirXwhoS&#43;xnyYC/bo1m8BLJB3fACmPKSGdTZdsf9t37z12pWELUk07O5IfjNh5ITPgDmTkHY3dE1E4CxyabdSkhCGdGjBI0HZa8Ekc91Hk7JKCJ62g7yoEwHai8POiFAk2LoRUFlc42rpLmhvgZooUDD5/R/XUEOHk1U0fQJP0GAHjZyJnPisCoSdFoCoBoGb12m0PrFOXQBpn4QOMIiidU8Vt/D2Gc7I/fiPBhMKBXcinL5i5wvy1EizA8f9tRv4mvyb0&#43;fCT8aDi0M2qK7KvmwIDAQAB&quot;,<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">&nbsp;&nbsp;&nbsp; &quot;resource&quot;: &quot;security-admin-console&quot;,<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">&nbsp;&nbsp;&nbsp; &quot;ssl-required&quot;: &quot;external&quot;<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">}<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">How can I configure it to return the proxied version? Thanks.<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D">Stefan.<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1F497D"><o:p>&nbsp;</o:p></span></p>

<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"> Stian Thorgersen [mailto:sthorger@redhat.com]

<br>

<b>Sent:</b> Tuesday, June 28, 2016 3:51 PM<br>

<b>To:</b> KASALA Štefan &lt;Stefan.Kasala@posam.sk&gt;<br>

<b>Cc:</b> keycloak-user@lists.jboss.org<br>

<b>Subject:</b> Re: [keycloak-user] Getting 401 if trying to access app via loadbalancer<o:p></o:p></span></p>

<p class="MsoNormal"><o:p>&nbsp;</o:p></p>

<div>

<p class="MsoNormal">Firstly, please upgrade to a more recent Keycloak version. Then refer to&nbsp;<a href="https://keycloak.gitbooks.io/server-installation-and-configuration/content/topics/clustering/load-balancer.html">https://keycloak.gitbooks.io/server-installation-and-configuration/content/topics/clustering/load-balancer.html</a>

 for details on how to setup a reverse proxy / load balancer in front of Keycloak.<o:p></o:p></p>

</div>

<div>

<p class="MsoNormal"><o:p>&nbsp;</o:p></p>

<div>

<p class="MsoNormal">On 27 June 2016 at 09:18, KASALA Štefan &lt;<a href="mailto:Stefan.Kasala@posam.sk" target="_blank">Stefan.Kasala@posam.sk</a>&gt; wrote:<o:p></o:p></p>

<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">

<div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,sans-serif">Hello,</span><o:p></o:p></p>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,sans-serif">we have installed JBoss Overlord Rtgov 2.1.0 which is using Keycloak&nbsp;1.2.0.Beta1. It is running on JBoss EAP 6.3,

 I will name it with hostname app01. We have a load balancer under another hostname lb</span><span style="font-size:9.5pt;font-family:&quot;Verdana&quot;,sans-serif">app&nbsp;</span><span style="font-size:10.0pt;font-family:&quot;Verdana&quot;,sans-serif">in front of the deployed app.

 I am able to call the rest interface of RtGov directly on machine&nbsp;</span><span style="font-size:9.5pt;font-family:&quot;Verdana&quot;,sans-serif">app01 but not using lbapp, I get 401 - Unauthorized from Keycloak. My guess is there is some check against hostname in http

 request. Is there some possibility to register aliases with the keycloak to enable calls via load balancer? Thanks.</span><o:p></o:p></p>

</div>

<div>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:9.5pt;font-family:&quot;Verdana&quot;,sans-serif">Stefan Kasala</span><o:p></o:p></p>

</div>

</div>

<p class="MsoNormal"><o:p>&nbsp;</o:p></p>

<div class="MsoNormal" align="center" style="text-align:center">

<hr size="2" width="100%" align="center">

</div>

<p class="MsoNormal"><span style="font-size:7.5pt;font-family:&quot;Arial&quot;,sans-serif;color:gray"><br>

Táto správa je určená iba pre uvedeného príjemcu a môže obsahovať dôverné alebo interné informácie. Ak ste ju omylom obdržali, upovedomte o tom prosím odosielateľa a vymažte ju. Akýkoľvek iný spôsob použitia tohto e-mailu je zakázaný.<br>

<br>

This message is for the designated recipient only and may contain confidential or internal information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited.</span><o:p></o:p></p>

</div>

<p class="MsoNormal"><br>

_______________________________________________<br>

keycloak-user mailing list<br>

<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>

<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><o:p></o:p></p>

</blockquote>

</div>

<p class="MsoNormal"><o:p>&nbsp;</o:p></p>

</div>

</div>

<br>

<hr>

<font face="Arial" color="Gray" size="1"><br>

Táto správa je určená iba pre uvedeného príjemcu a môže obsahovať dôverné alebo interné informácie. Ak ste ju omylom obdržali, upovedomte o tom prosím odosielateľa a vymažte ju. Akýkoľvek iný spôsob použitia tohto e-mailu je zakázaný.<br>

<br>

This message is for the designated recipient only and may contain confidential or internal information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited.<br>

</font>

</body>

</html>