1:32 a.m.
Hi,
Yes. I think keycloak proxy is quite similar to apache web proxy. Now the
only difference is apache web proxy can reverse proxy for app hosted on
different ip and port whereas keycloak proxy server seem like forcing the
app to run on same ip and port. I have tried to change the base-path and
target-url to use different ip and port but it does not work. Kindly share
the opinions.
On Feb 18, 2015 11:27 AM, "Bill Burke" <bburke(a)redhat.com> wrote:
All browser HTTP requests go through the proxy. Your browser is
never
redirected to the actual application. The actual application should be
behind a firewall or some other mechanism. Its the same concept as
using Apache HTTPD in front of an application.
On 2/17/2015 4:34 PM, Chen Keong Yap wrote:
> Hi,
>
> Is there any updates? The app is protected by proxy but after login is
> successful and is not redirect back to app and stay at proxy url
>
> On Feb 17, 2015 4:54 PM, "Chen Keong Yap" <chenkeong.yap(a)izeno.com
> <mailto:chenkeong.yap@izeno.com>> wrote:
>
> Hi,
>
> When i access my app from http://localhost:8080/customer-portal and
> it was redirected to keycloak login page
> (https://192.168.1.10:8443/auth). After login is successful, the
> request is redirected back to http://localhost:8080/customer-portal
> instead of http://localhost:9080/customer-portal. Can someone advise
> what's wrong with the settings?
>
> keycloak proxy server hosted on localhost:8080
>
> customer-portal application hosted on localhost:9080
>
> proxy.json configuration shown below.
>
> {
> "target-url": "http://localhost:8082",
> "bind-address": "localhost",
> "http-port": "8080",
> "https-port": "8443",
> "keystore": "classpath:ssl.jks",
> "keystore-password": "password",
> "key-password": "password",
> "send-access-token": true,
> "applications": [
> {
> "base-path": "/customer-portal",
> "error-page": "/error.html",
> "adapter-config": {
> "realm": "demo",
> "resource": "customer-portal",
> "realm-public-key":
>
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
> "auth-server-url":
"https://192.168.1.10:8443/auth
",
> "ssl-required" : "external",
> "enable-cors" : true,
> "principal-attribute": "KEYCLOAK_NAME",
> "credentials": {
> "secret": "password"
> }
> }
> ,
> "constraints": [
> {
> "pattern": "/users/*",
> "roles-allowed": [
> "user"
> ]
> },
> {
> "pattern": "/*",
> "roles-allowed": [
> "user"
> ]
> },
> {
> "pattern": "/call-bearer/*",
> "roles-allowed": [
> "user"
> ]
> },
> {
> "pattern": "/bearer/*",
> "roles-allowed": [
> "user"
> ]
> },
> {
> "pattern": "/admins/*",
> "roles-allowed": [
> "admin"
> ]
> },
> {
> "pattern": "/users/permit",
> "permit": true
> },
> {
> "pattern": "/users/deny",
> "deny": true
> }
> ]
> }
> ]
>
>
> }
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user