Re: [keycloak-user] Keycloak behind an IIS proxy

Hi Kevin, you should let Keycloak know that you are using https. With Apache httpd you need to add this parameter: RequestHeader set X-Forwarded-Proto "https" For sure IIS has something like this. Regards, Domenico Briganti Il giorno ven, 22/12/2017 alle 16.50 +0000, Kevin Cuijpers ha scritto: > Hello, > > I am trying to make KeyCloak work behind an IIS proxy. > Here is what I want to do: > KeyCloak is installed and available remotely on: > https://www.server.com/auth/ > On IIS I created an "Application Request Routing Cache" that I > already use for another application. > I created an "URL Rewrite" with inbound rule that takes pattern > auth/(.*) and rewrites it to rewrite url: http://127.0.0.1:8080/auth/ > {R:1} > > Now my problem is that this rewrite url is used by the keycloak > server when a user tries to log in. > If my application redirects the user to log in, the url is https://ww > w.server.com/auth/realms/myrealm/protocol/openid- > connect/auth?response_type=code&client_id=... > but behind the Login button, the action is http://127.0.0.1:8080/auth > /realms/myrealm/login-actions/aut... > which of course doesn't work because it needs to be https://www.serve > r.com instead of http://127.0.0.1:8080 > > I have tried about everything in http://www.keycloak.org/docs/latest/ > server_installation/index.html#identifying-client-ip-addresses but > without success. > If I use proxy-address-forwarding="true" I get > We're sorry ... > > HTTPS required > > Can somebody please clarify how I can configure keycloak to use https > ://www.server.com instead of http://127.0.0.1:8080 ? > > Best regards, > > Kevin > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user