This is a different case. This is when Keycloak can't communicate to the
outside world unless it talks through a web proxy/firewall.
But, yes it would be nice to make it simpler for those that are using a
reverse proxy in front of Keycloak. Not sure we can though. The proxy has
to be configured correctly and it's not always trivial. We also have to
have the configuration option in Keycloak disabled by default as otherwise
it would allow sending fake X-Forwarded-.. headers to fake the remote IP
address. We can certainly improve docs around it though as they are not
straightforward and quite hidden.
On 18 April 2017 at 16:54, Bill Burke <bburke(a)redhat.com> wrote:
We gotta figure out if there is anything we can do out of the box to
help with this. THere's just so many questions on this and we're
continually referencing docs to people.
On 4/18/17 9:05 AM, Stian Thorgersen wrote:
> The configuration should be on the default HttpClient provider [1],
> configured through standalone.xml. Documentation is [2].
>
> We'd need some way of automating tests for it. Honestly, I don't know how
> that would look like. Maybe it could be achieved with a dummy proxy that
> allows checking what requests was made to it.
>
> [1]
>
https://github.com/keycloak/keycloak/blob/master/services/
src/main/java/org/keycloak/connections/httpclient/
DefaultHttpClientFactory.java
> [2]
>
https://keycloak.gitbooks.io/documentation/server_
installation/topics/network/outgoing.html
>
> On 11 April 2017 at 12:03, Plank Martin <Martin.Plank(a)softec.sk> wrote:
>
>> Hi all!
>>
>> We're using Keycloak in a corporate environment where all external
>> requests are blocked and must be sent via web proxy.
>> Therefore the ReCAPTCHA and social identity providers (from version
>> 3.0.0.CR1) do not work correctly. It can be fixed by configuring proxy
host
>> on Apache HttpClient, e.g. [1].
>>
>> I would be interested in contributing this. But I'm new to Keycloak
>> development, so I will appreciate any information that could help,
>> specifically:
>>
>> - What kind of automated tests do you expect to develop?
>>
>> - Where shoud be the proxy configuration stored?
>>
>> I have also submitted a Feature request with more information:
>>
https://issues.jboss.org/browse/KEYCLOAK-4743
>>
>> Thanks
>> Martin Plank
>>
>> [1]
https://hc.apache.org/httpcomponents-client-ga/
>> httpclient/examples/org/apache/http/examples/client/
>> ClientExecuteProxy.java
>>
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev