Step 4 and 5 not happening
This is what is happening:
* Keycloak server is deployed at https://192.168.1.10:8443/auth
* Keycloak proxy is deployed at localhost:8080
* Customer portal is deployed at localhost:8082
1. Browser visits proxy
2. proxy sees browser is logged in, redirects to keycloak
3. Keycloak logs browser in, redirects back to proxy
4. proxy makes an out-of-band request to customer portal
5. proxy copies response from customer portal and returns it to browser
Which step is not happening?
On 2/18/2015 2:32 AM, Chen Keong Yap wrote:
Hi,
Yes. I think keycloak proxy is quite similar to apache web proxy. Now
the only difference is apache web proxy can reverse proxy for app hosted
on different ip and port whereas keycloak proxy server seem like forcing
the app to run on same ip and port. I have tried to change the base-path
and target-url to use different ip and port but it does not work. Kindly
share the opinions.
On Feb 18, 2015 11:27 AM, "Bill Burke" <bburke@redhat.com
<mailto:bburke@redhat.com>> wrote:
All browser HTTP requests go through the proxy. Your browser is never
redirected to the actual application. The actual application should be
behind a firewall or some other mechanism. Its the same concept as
using Apache HTTPD in front of an application.
On 2/17/2015 4:34 PM, Chen Keong Yap wrote:
> Hi,
>
> Is there any updates? The app is protected by proxy but after
login is
> successful and is not redirect back to app and stay at proxy url
>
> On Feb 17, 2015 4:54 PM, "Chen Keong Yap"
<chenkeong.yap@izeno.com <mailto:chenkeong.yap@izeno.com>
> <mailto:chenkeong.yap@izeno.com
<mailto:chenkeong.yap@izeno.com>>> wrote:
>
> Hi,
>
> When i access my app from
http://localhost:8080/customer-portal and
> it was redirected to keycloak login page
> (https://192.168.1.10:8443/auth). After login is successful, the
> request is redirected back to
http://localhost:8080/customer-portal
> instead of http://localhost:9080/customer-portal. Can someone
advise
> what's wrong with the settings?
>
> keycloak proxy server hosted on localhost:8080
>
> customer-portal application hosted on localhost:9080
>
> proxy.json configuration shown below.
>
> {
> "target-url": "http://localhost:8082",
> "bind-address": "localhost",
> "http-port": "8080",
> "https-port": "8443",
> "keystore": "classpath:ssl.jks",
> "keystore-password": "password",
> "key-password": "password",
> "send-access-token": true,
> "applications": [
> {
> "base-path": "/customer-portal",
> "error-page": "/error.html",
> "adapter-config": {
> "realm": "demo",
> "resource": "customer-portal",
> "realm-public-key":
>
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
> "auth-server-url":
"https://192.168.1.10:8443/auth",
> "ssl-required" : "external",
> "enable-cors" : true,
> "principal-attribute": "KEYCLOAK_NAME",
> "credentials": {
> "secret": "password"
> }
> }
> ,
> "constraints": [
> {
> "pattern": "/users/*",
> "roles-allowed": [
> "user"
> ]
> },
> {
> "pattern": "/*",
> "roles-allowed": [
> "user"
> ]
> },
> {
> "pattern": "/call-bearer/*",
> "roles-allowed": [
> "user"
> ]
> },
> {
> "pattern": "/bearer/*",
> "roles-allowed": [
> "user"
> ]
> },
> {
> "pattern": "/admins/*",
> "roles-allowed": [
> "admin"
> ]
> },
> {
> "pattern": "/users/permit",
> "permit": true
> },
> {
> "pattern": "/users/deny",
> "deny": true
> }
> ]
> }
> ]
>
>
> }
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user@lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com