Is everything working fine if you go directly to the Keycloak server?
Someone reported a similar issue a few weeks ago and it turned out to be an
issue in the proxy setup. I can't remember the details, but maybe you can
find it on
Hi,
Setup:
OS: CentOS 6.8
Keycloak version: 2.5.1-FINAL
httpd version: 2.2.15
I have configured httpd as an SSL-offloading reverse proxy for the Keycloak
server. The proxy and Keycloak are on different servers.
Basically everything works fine, but I can't log in because I am being
redirected back to square one all the time.
Here is the flow:
GET https://idp.xxx.net/auth/admin/
GET https://idp.xxx.net/auth/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=https%3A%2F%2Fidp.xxx.net%2Fauth%2Fadmin%2Fmaster%2Fconsole%2F&state=eeb29809-a4aa-458b-8530-645729ce42e5&nonce=fe92d57a-ff26-4213-8907-d86febde7b92&response_mode=fragment&response_type=code&scope=openid
POST https://idp.xxx.net/auth/realms/master/login-actions/authenticate?code=zH8Olb6siunn95aH89zRIPLJTgp3Dh46fo6FxdK9v64.1f4f0836-a5ca-4dff-8f64-ac9bf461f946&execution=8d4a9760-42aa-4c9b-9419-a33944b88fd6
GET https://idp.xxx.net/auth/admin/master/console/#state=eeb29809-a4aa-458b-8530-645729ce42e5&code=6dHrd5I_USezn0sz4gIS_UBq86fs5QDgiWK8FA8NX5c.1f4f0836-a5ca-4dff-8f64-ac9bf461f946
GET lots of resources: /config, login-status-iframe.html, /token,
/messages.json and so on
GET https://idp.xxx.net/auth/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=https%3A%2F%2Fidp.xxx.net%2Fauth%2Fadmin%2Fmaster%2Fconsole%2F%3Fredirect_fragment%3D%252F&state=3ad5cb6c-8285-4d6c-80e4-b2dbb6320a47&nonce=4284a896-6694-4af8-9c91-71e4050455a2&response_mode=fragment&response_type=code&scope=openid
and the same thing from the start. Forever.
httpd configuration for SSL:
*****
<VirtualHost *:443>
    ServerName idp.xxx.net
    ServerAdmin webmaster(a)xxx.net
    DocumentRoot /var/www/html/
    <Directory />
        Order deny,allow
        Allow from all
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyRequests Off
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"
    ProxyPreserveHost on
    ProxyPass / http://172.16.22.12:8080/ keepalive=On
    ProxyPassReverse / http://172.16.22.12:8080/
+ lots of cipher suite setting and so on.
*****
WildFly configuration:
*****
<server name="default-server">
    <http-listener name="default" proxy-address-forwarding="true" socket-binding="http" redirect-socket="proxy-https"/>
    <host name="default-host" alias="localhost idp.xxx.net">
        <location name="/" handler="welcome-content"/>
        <filter-ref name="server-header"/>
        <filter-ref name="x-powered-by-header"/>
    </host>
</server>
....
<socket-binding-group name="standard-sockets" default-interface="any" port-offset="${jboss.socket.binding.port-offset:0}">
    <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
    <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
    <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
    <socket-binding name="http" port="${jboss.http.port:8080}"/>
    <socket-binding name="proxy-https" port="443"/>
    <socket-binding name="https" port="${jboss.https.port:8443}"/>
    <socket-binding name="txn-recovery-environment" port="4712"/>
    <socket-binding name="txn-status-manager" port="4713"/>
    <outbound-socket-binding name="mail-smtp">
        <remote-destination host="localhost" port="25"/>
    </outbound-socket-binding>
</socket-binding-group>
*****
Does someone have some kind of clue why I am being redirected?
First I thought that this was some kind of http/https redirect problem,
but when I enabled requestdumper @ wildfly I could see that everything is
HTTPS.
*****
----------------------------REQUEST---------------------------
URI=/
characterEncoding=null
contentLength=-1
contentType=null
header=Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
header=Accept-Language=en-US,en;q=0.5
header=Accept-Encoding=gzip, deflate, br
header=X-Forwarded-Server=idp.xxx.net
header=User-Agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:51.0) Gecko/20100101 Firefox/51.0
header=Connection=Keep-Alive
header=X-Forwarded-Proto=https
header=X-Forwarded-Port=443
header=X-Forwarded-For=88.12.13.14
header=Upgrade-Insecure-Requests=1
header=Host=idp.xxx.net
header=X-Forwarded-Host=idp.xxx.net
locale=[en_US, en]
method=GET
protocol=HTTP/1.1
queryString=
remoteAddr=88.12.13.14:0
remoteHost=88.12.13.14
scheme=https
host=idp.xxx.net
serverPort=443
*****
-Keijo
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
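
An added example, not part of the thread and not Keycloak code: a small trace analyser that reports when a browser starts a new OpenID Connect authorization request after an earlier one was already answered with a code, which is the loop shown in the flow above. The host name, state, nonce and code values are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed trace modelled on the flow in the post; all values are placeholders.
BASE = "https://idp.example.test/auth"
AUTH = BASE + "/realms/master/protocol/openid-connect/auth"
COMMON = "client_id=security-admin-console&response_mode=fragment&response_type=code"
TRACE = [
    ("GET", BASE + "/admin/"),
    ("GET", AUTH + "?" + COMMON + "&state=state-1&nonce=nonce-1"),
    ("POST", BASE + "/realms/master/login-actions/authenticate?code=login-code-1"),
    ("GET", BASE + "/admin/master/console/#state=state-1&code=auth-code-1"),
    ("GET", AUTH + "?" + COMMON + "&state=state-2&nonce=nonce-2"),
]

def classify(url):
    """Return ('auth_request' | 'callback' | 'other', params) for one URL."""
    parts = urlsplit(url)
    query, fragment = parse_qs(parts.query), parse_qs(parts.fragment)
    if parts.path.endswith("/protocol/openid-connect/auth"):
        return "auth_request", query
    # response_mode=fragment returns state and code after '#'; query mode uses '?'.
    for params in (fragment, query):
        if "state" in params and "code" in params:
            return "callback", params
    return "other", {}

def find_login_loop(trace):
    """List (client_id, state) of auth requests sent after a callback had
    already answered an earlier request from the same client."""
    pending, answered, restarts = {}, set(), []
    for _method, url in trace:
        kind, params = classify(url)
        if kind == "auth_request":
            state = params.get("state", [""])[0]
            client = params.get("client_id", [""])[0]
            if client in answered:
                restarts.append((client, state))
            pending[state] = client
        elif kind == "callback":
            client = pending.pop(params["state"][0], None)
            if client is not None:  # callback matches a request we saw
                answered.add(client)
    return restarts

if __name__ == "__main__":
    for client, state in find_login_loop(TRACE):
        print(f"{client}: login restarted with new state {state}")
```

A non-empty result means the code was delivered to the redirect URI before the restart, so the requests between the callback and the new authorization request (the post lists /config, login-status-iframe.html and /token) are the ones to inspect.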