6:42 a.m.
Hello,
I have a use case where Keycloak needs to be deployed behind two different proxies: UserA
—> ProxyA —> Keycloak <— ProxyB <— UserB, could you help to tell how to make
it work?
I followed the installation guide and got it work for UserA/ProxyA or UserB/ProxyB, but
cannot make it work for both. This major problem is, rather than two different providers
for UserA/ProxyA and UserB/ProxyB respectively, I can only set one fixed provider.
Can anyone shed some light?
Thanks,
Yang
7:02 a.m.
I assume you have different URLs exposed on the different proxies? If so
the built-in fixed provider doesn't enable this use-case. You have two
options here. Use the request provider and make the proxy refuse requests
with invalid host headers, or write your own custom provider. For the
latter it will only work as long as all clients use the public URL to
access Keycloak as well, as otherwise Keycloak won't be able to know which
is the correct public URL when it's accessed by an internal IP/address.
On Thu, 5 Sep 2019 at 13:58, Yang Yang <yy8402(a)icloud.com> wrote:
Hello,
I have a use case where Keycloak needs to be deployed behind two different
proxies: UserA —> ProxyA —> Keycloak <— ProxyB <— UserB, could you help to
tell how to make it work?
I followed the installation guide and got it work for UserA/ProxyA or
UserB/ProxyB, but cannot make it work for both. This major problem is,
rather than two different providers for UserA/ProxyA and UserB/ProxyB
respectively, I can only set one fixed provider.
Can anyone shed some light?
Thanks,
Yang
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
8:47 a.m.
Thank you very much for the information, Stian! In that case I would be trying with the
request provider.
Thanks,
Yang
On Sep 5, 2019, at 20:02, Stian Thorgersen
<sthorger(a)redhat.com> wrote:
I assume you have different URLs exposed on the different proxies? If so the built-in
fixed provider doesn't enable this use-case. You have two options here. Use the
request provider and make the proxy refuse requests with invalid host headers, or write
your own custom provider. For the latter it will only work as long as all clients use the
public URL to access Keycloak as well, as otherwise Keycloak won't be able to know
which is the correct public URL when it's accessed by an internal IP/address.
On Thu, 5 Sep 2019 at 13:58, Yang Yang <yy8402(a)icloud.com
<mailto:yy8402@icloud.com>> wrote:
Hello,
I have a use case where Keycloak needs to be deployed behind two different proxies: UserA
—> ProxyA —> Keycloak <— ProxyB <— UserB, could you help to tell how to make
it work?
I followed the installation guide and got it work for UserA/ProxyA or UserB/ProxyB, but
cannot make it work for both. This major problem is, rather than two different providers
for UserA/ProxyA and UserB/ProxyB respectively, I can only set one fixed provider.
Can anyone shed some light?
Thanks,
Yang
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
1953
days inactive
1953
days old
2 comments
2 participants
participants (2)
-
Stian Thorgersen -
Yang Yang