Re: [keycloak-user] Using Keycloak Proxy behind a TLS terminating reverse proxy
Isn't that documentation for setting up keycloak behind a reverse proxy? I have the
keycloak appliance setup already, and can execute an OAuth flow *as long as the
redirect_uri passed by the application is correct*.
The problem is that the Keycloak Proxy is passing the wring redirect_uri to keycloak.
HTTPD is passing the x-forwarded-proto header to the proxy. And I don't believe the
proxy has a configuration file where you can modify the undertow configuration. The only
configuration I am aware of for the proxy is documented here:
http://keycloak.github.io/docs/userguide/keycloak-server/html/proxy.html#...
Am I missing something?
----- Original Message -----
http://keycloak.github.io/docs/userguide/keycloak-server/html/server-inst...
On 7 April 2016 at 06:24, Chris Pitman <cpitman(a)redhat.com> wrote:
> Hey everyone,
>
> I'm trying to setup Keycloak Proxy to protect access to a legacy
> application. Right now we have HTTPD setup as a reverse proxy that
> terminates TLS and then passes through the request via HTTP to the legacy
> app. What I want to do is put the Keycloak Proxy in between HTTPD and the
> app.
>
> I've got it running, but the problem is the URL the proxy passes as the
> redirect url to keycloak. It is passing an "http://" url, which then
> doesn't match the configured redirect_urls in Keycloak. I'm assuming it
> does this since I'm using the HTTP port on the proxy.
>
> How can I get Keycloak Proxy to pass a redirect url with a "https://"
> scheme, even when not connecting via https to the proxy itself?
>
> Thanks,
> Chris Pitman
> Architect, Red Hat Consulting
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>