Re: [keycloak-user] Redirect Issue with keycloak behind proxy and app behind Keycloak security proxy

hi all, We have the following set up with two DMZ boxes, one running a single KeyCloak security proxy and sending requests to a local NGINX proxy which farms out requests to internal applications. This should allow us to maintain a single namespace for all applications (<hostname>/appname redirects to appname.local) and gives authenticated visibility of who's accessing what at the front end proxy. DMZ: [KeyCloakSecProxy:80 ---> NGINX:8080] ---> TRUST: [Various applications] ---> TRUST: [Various applications] Keycloak runs on its own server and is published via an NGINX proxy in the DMZ DMZ: [NGINX:80] ---> TRUST: [Keycloak:8080] So clients hit the KeyCloak security Proxy, are redirected to KeyCloak and then after logging in, we get an "invalid Redirect URI" error from Keycloak. We've found that for some reason, the redirect URL from KeyCloak is appending the :8080 port value from the KeyCloak Security proxy (verified as if we change this port number, the value changes in the redirect URL). It's like KeyCloak is redirecting back to the NGINX:8080 proxy direct rather than back to the KeyCloak security proxy, which is what we were expecting. This is possibly by design, or possibly a bug, or possibly a side effect of our configuration. Has anyone tried using the KeyCloak security proxy in this manner? It's clear that the intended use is as a single instance adapter for a single local application, whereas our application happens to be an nginx proxy redirecting to different applications using location directives. _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user