Hi,
Setup:
OS: Centos 6.8
Keycloak version, 2.5.1-FINAL
httpd version 2.2.15
I have configured httpd as a SSL off loading reverse proxy for Keycloak
server. The proxy and the Keycloak are on different servers.
Basically everything works fine, but I can't log in because I am been
redirected back to the square one all the time.
Here is the flow:
GET
https://idp.xxx.net/auth/admin/
GET
https://idp.xxx.net/auth/realms/master/protocol/openid-connect/auth?clien...
POST
https://idp.xxx.net/auth/realms/master/login-actions/authenticate?code=zH...
GET
https://idp.xxx.net/auth/admin/master/console/#state=eeb29809-a4aa-458b-8...
GET lots of resources: /config, login-status-iframe.html, /token,
/messages.json and so on
GET
https://idp.xxx.net/auth/realms/master/protocol/openid-connect/auth?clien...
and the same thing from the start. Forever.
httpd configuration for SSL:
*****
<VirtualHost *:443>
ServerName
idp.xxx.net
ServerAdmin webmaster(a)xxx.net
DocumentRoot /var/www/html/
<Directory />
Order deny,allow
Allow from all
Options FollowSymLinks
AllowOverride None
</Directory>
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
ProxyPreserveHost on
ProxyPass /
http://172.16.22.12:8080/ keepalive=On
ProxyPassReverse /
http://172.16.22.12:8080/
+ lots of cipher suite setting and so on.
*****
WildFly configuration:
*****
<server name="default-server">
<http-listener name="default"
proxy-address-forwarding="true" socket-binding="http"
redirect-socket="proxy-https"/>
<host name="default-host" alias="localhost
idp.xxx.net">
<location name="/"
handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
</host>
</server>
....
<socket-binding-group name="standard-sockets"
default-interface="any"
port-offset="${jboss.socket.binding.port-offset:0}">
<socket-binding name="management-http"
interface="management"
port="${jboss.management.http.port:9990}"/>
<socket-binding name="management-https"
interface="management"
port="${jboss.management.https.port:9993}"/>
<socket-binding name="ajp"
port="${jboss.ajp.port:8009}"/>
<socket-binding name="http"
port="${jboss.http.port:8080}"/>
<socket-binding name="proxy-https" port="443"/>
<socket-binding name="https"
port="${jboss.https.port:8443}"/>
<socket-binding name="txn-recovery-environment"
port="4712"/>
<socket-binding name="txn-status-manager"
port="4713"/>
<outbound-socket-binding name="mail-smtp">
<remote-destination host="localhost" port="25"/>
</outbound-socket-binding>
</socket-binding-group>
*****
Does someone has some kind of clue why I am been redirected?
First I think that this was some kind of http/https redirect problem,
but when I enabled requestdumper @ wildfly I can see that everything is
HTTPS.
*****
----------------------------REQUEST---------------------------
URI=/
characterEncoding=null
contentLength=-1
contentType=null
header=Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
header=Accept-Language=en-US,en;q=0.5
header=Accept-Encoding=gzip, deflate, br
header=X-Forwarded-Server=idp.xxx.net
header=User-Agent=Mozilla/5.0 (Macintosh; Intel Mac OS X
10.11; rv:51.0) Gecko/20100101 Firefox/51.0
header=Connection=Keep-Alive
header=X-Forwarded-Proto=https
header=X-Forwarded-Port=443
header=X-Forwarded-For=88.12.13.14
header=Upgrade-Insecure-Requests=1
header=Host=idp.xxx.net
header=X-Forwarded-Host=idp.xxx.net
locale=[en_US, en]
method=GET
protocol=HTTP/1.1
queryString=
remoteAddr=88.12.13.14:0
remoteHost=88.12.13.14
scheme=https
host=idp.xxx.net
serverPort=443
*****
-Keijo