Hi,
So far, for the sake of the demo, I have configured all the involved containers to have net: "host" so they share the same ip, and configured also a port offset for the keycloak server. This way, localhost maps to bot containers (apiman and keycloak).
This is not a solution, but at least a workaround for now, and I think a solution should come from Keycloak.

Also, I noticed that if I have the keycload server running on a docker container on port 8080 and I have it mapped externaly to port 8081 then same problem arises.

This could be tested with the official keycloak docker images available at http://jboss.org/docker with the following command (if they worked):

 docker run -it --rm -p 8081:8080 -p 9090:9090 jboss/keycloak-examples

2015-01-21 12:23 GMT+01:00 Stian Thorgersen <stian@redhat.com>:


----- Original Message -----
> From: "Jorge Morales Pou" <jorgemoralespou@gmail.com>
> To: keycloak-user@lists.jboss.org
> Sent: Wednesday, 21 January, 2015 10:43:52 AM
> Subject: [keycloak-user] Keycloak server securing wildfly in docker   containers
>
> Hi,
> I have an scenario for Keycloak that I'm not able to solve in an easy way, so
> any help will be more than appreciated.
>
> In apiman ( http://www.apiman.io ) we are using Keycloak for securing the
> apiman rest endpoints. We are in the process of creating some demos with
> docker and for that one of the demos is having keycloak as a separate server
> to which the wildfly instances holding the apiman rest endpoint will
> redirect for authentication.
> So far, I've configured in this wildfly instances the auth-server-url to be
> the keycloakserver. Internal communication to this server is resolved by
> name, as it is docker links providing the accesibility, but this is an
> "internal ip to docker"
> The problem comes when I try to log into the escured resource, and I get a
> redirection to this "internal" ip, which my browser can not access, so I get
> an error.
>
> Is there a way to:
>
> a) Use a different URL for browser redirection as for internal redirection?
> b) Use a different redirection strategy?
> c) do it in any other way?

I'm currently looking into a solution to this, exactly how it'll work I haven't figured out yet. Should have something more concrete in a few weeks. Is this urgent for you or can it wait?

If you have any suggestions please let me know.

>
> Thanks for any help you can provide on this.
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user