<div dir="ltr">Not sure, but how are you retrieving the header? Did you try:<div><br></div><div>request.getHttpHeaders().getRequestHeaders().getFirst("REMOTE_USER")<br></div><div><br></div><div>Also is it the first authenticator in the flow?</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 15 September 2016 at 15:53, Glenn Campbell <span dir="ltr"><<a href="mailto:campbellg@teds.com" target="_blank">campbellg@teds.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I have a requirement to use Keycloak behind IIS where some sort of SSO product is already integrated with IIS. Whatever this product is sets the REMOTE_USER header. It is easy enough to write a custom authenticator for Keycloak to use the REMOTE_USER header. However, Keycloak's Wildfly server (or its embedded Undertow) appears to be stripping out the header. <div><br></div><div>Is there any way to configure Keycloak or its Wildfly to let the REMOTE_USER header pass through? Or are there any clever workarounds?</div><div><br></div><div>Thanks in advance.</div><span class="HOEnZb"><font color="#888888"><div>Glenn</div></font></span></div>
<br>______________________________<wbr>_________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/<wbr>mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>