Hi,
Yes. I think keycloak proxy is quite similar to apache web proxy. Now the only difference is apache web proxy can reverse proxy for app hosted on different ip and port whereas keycloak proxy server seem like forcing the app to run on same ip and port. I have tried to change the base-path and target-url to use different ip and port but it does not work. Kindly share the opinions.
All browser HTTP requests go through the proxy. Your browser is never
redirected to the actual application. The actual application should be
behind a firewall or some other mechanism. Its the same concept as
using Apache HTTPD in front of an application.
On 2/17/2015 4:34 PM, Chen Keong Yap wrote:
> Hi,
>
> Is there any updates? The app is protected by proxy but after login is
> successful and is not redirect back to app and stay at proxy url
>
> On Feb 17, 2015 4:54 PM, "Chen Keong Yap" <chenkeong.yap@izeno.com
> <mailto:chenkeong.yap@izeno.com>> wrote:
>
> Hi,
>
> When i access my app from http://localhost:8080/customer-portal and
> it was redirected to keycloak login page
> (https://192.168.1.10:8443/auth). After login is successful, the
> request is redirected back to http://localhost:8080/customer-portal
> instead of http://localhost:9080/customer-portal. Can someone advise
> what's wrong with the settings?
>
> keycloak proxy server hosted on localhost:8080
>
> customer-portal application hosted on localhost:9080
>
> proxy.json configuration shown below.
>
> {
> "target-url": "http://localhost:8082",
> "bind-address": "localhost",
> "http-port": "8080",
> "https-port": "8443",
> "keystore": "classpath:ssl.jks",
> "keystore-password": "password",
> "key-password": "password",
> "send-access-token": true,
> "applications": [
> {
> "base-path": "/customer-portal",
> "error-page": "/error.html",
> "adapter-config": {
> "realm": "demo",
> "resource": "customer-portal",
> "realm-public-key":
> "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
> "auth-server-url": "https://192.168.1.10:8443/auth",
> "ssl-required" : "external",
> "enable-cors" : true,
> "principal-attribute": "KEYCLOAK_NAME",
> "credentials": {
> "secret": "password"
> }
> }
> ,
> "constraints": [
> {
> "pattern": "/users/*",
> "roles-allowed": [
> "user"
> ]
> },
> {
> "pattern": "/*",
> "roles-allowed": [
> "user"
> ]
> },
> {
> "pattern": "/call-bearer/*",
> "roles-allowed": [
> "user"
> ]
> },
> {
> "pattern": "/bearer/*",
> "roles-allowed": [
> "user"
> ]
> },
> {
> "pattern": "/admins/*",
> "roles-allowed": [
> "admin"
> ]
> },
> {
> "pattern": "/users/permit",
> "permit": true
> },
> {
> "pattern": "/users/deny",
> "deny": true
> }
> ]
> }
> ]
>
>
> }
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user