Not sure, but how are you retrieving the header? Did you try:

request.getHttpHeaders().getRequestHeaders().getFirst("REMOTE_USER")

Also is it the first authenticator in the flow?

On 15 September 2016 at 15:53, Glenn Campbell <campbellg@teds.com> wrote:

I have a requirement to use Keycloak behind IIS where some sort of SSO product is already integrated with IIS. Whatever this product is sets the REMOTE_USER header. It is easy enough to write a custom authenticator for Keycloak to use the REMOTE_USER header. However, Keycloak's Wildfly server (or its embedded Undertow) appears to be stripping out the header.

Is there any way to configure Keycloak or its Wildfly to let the REMOTE_USER header pass through? Or are there any clever workarounds?

Thanks in advance.
Glenn

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user