Hi,
Yes, it can be done with nginx, but I still hope this could be accomplished natively :)
The general idea is this:
a) if browser asks for "text/html" => act as confidential/public client, that is, start keycloak login protocol
b) if browser asks for "application/json" => act as bearer only client, and in case of authorization error, respond with proper 40x status
This would let me build an 'isomorphic' JavaScript application (http://isomorphic.net)
With keycloak-1.5.0 I see that there is no difference whether I accept text/html or
application/json:
tair$ curl -v -H 'Accept: text/html' http://localhost:9080/hello-world/rest/something
* Trying ::1...
* connect to ::1 port 9080 failed: Connection refused
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 9080 (#0)
GET /hello-world/rest/something HTTP/1.1
Host: localhost:9080
User-Agent: curl/7.43.0
Accept: text/html
< HTTP/1.1 302 Found
< Expires: 0
< Cache-Control: no-cache, no-store, must-revalidate
< X-Powered-By: Undertow/1
< Set-Cookie: OAuth_Token_Request_State=72/c51bad76-7236-486e-aae6-9ec58c725666
< Server: WildFly/9
< Pragma: no-cache
< Location:
http://localhost:8080/auth/realms/demo/protocol/openid-connect/auth?respo...
< Date: Fri, 02 Oct 2015 15:53:32 GMT
< Connection: keep-alive
< Content-Length: 0
<
* Connection #0 to host localhost left intact
tair$ curl -v -H 'Accept: application/json' http://localhost:9080/hello-world/rest/something
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 9080 (#0)
GET /hello-world/rest/something HTTP/1.1
Host: localhost:9080
User-Agent: curl/7.43.0
Accept: application/json
< HTTP/1.1 302 Found
< Expires: 0
< Cache-Control: no-cache, no-store, must-revalidate
< X-Powered-By: Undertow/1
< Set-Cookie: OAuth_Token_Request_State=73/a8f13860-a35c-455a-9963-434c17e00a65
< Server: WildFly/9
< Pragma: no-cache
< Location:
http://localhost:8080/auth/realms/demo/protocol/openid-connect/auth?respo...
< Date: Fri, 02 Oct 2015 15:53:41 GMT
< Connection: keep-alive
< Content-Length: 0
<
* Connection #0 to host localhost left intact
Any workarounds there?
--
Tair Sabirgaliev
Bee Software, LLP
On October 2, 2015 at 20:54:01, Giriraj Sharma (giriraj.sharma27@gmail.com) wrote:
Hi,
One possible way is to put nginx as a reverse proxy between the browser and the Keycloak
server instance. You can dig around using the $content_type embedded variable of the nginx
ngx_http_core_module, or maybe the nginx_rewrite module, and a simple tweak (maybe an if
statement in the nginx server/location block config) will help you achieve what is required.
Based on the value of the content-type header, you can proxy-pass the requests to a different
upstream server via nginx.
Cheers,
On Fri, Oct 2, 2015 at 2:19 PM, Tair Sabirgaliev wrote:
>
> Hi,
>
> Is it possible to set up login redirection only for certain content types?
> I want to redirect only when the browser asks for text/html. For other types
> either 40x or Authorization challenge.
>
> --
> Tair Sabirgaliev
> Bee Software, LLP
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user@lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Giriraj Sharma
about.me/girirajsharma
Giriraj Sharma,
Department of Computer Science
National Institute of Technology Hamirpur
Himachal Pradesh, India 177005
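
The behaviour asked for in this thread, sketched as an added example that is not part of the original messages and is not Keycloak adapter code: a request that has already failed authentication gets a login redirect only when it explicitly accepts text/html, and a 401 bearer challenge otherwise. The function names and the loginUrl parameter are assumptions; the realm name "demo" is the one in the curl output above.

```javascript
// Added example (hypothetical helper names, not the Keycloak adapter API).
// Accept is client-supplied, so it only selects how a failure is signalled;
// it must never decide whether authentication is required.

// Parse an Accept header into [{type, q}], dropping empty items and q=0 entries.
function parseAccept(header) {
  if (!header) return [];
  return header.split(',').map((part) => {
    const [type, ...params] = part.trim().toLowerCase().split(';').map((s) => s.trim());
    let q = 1; // default weight when no valid q parameter is present
    for (const p of params) {
      const m = /^q=([01](?:\.\d{0,3})?)$/.exec(p);
      if (m) q = Math.min(1, parseFloat(m[1]));
    }
    return { type, q };
  }).filter((e) => e.type && e.q > 0);
}

// Highest q among entries naming exactly `type`. Wildcards are ignored on
// purpose: curl and XHR send */* by default and are not browser navigations.
function explicitQ(entries, type) {
  return entries.filter((e) => e.type === type).reduce((max, e) => Math.max(max, e.q), 0);
}

// Response for a request that carried no valid session or bearer token.
// loginUrl stands in for the realm's openid-connect/auth URL (placeholder).
function unauthenticatedResponse(acceptHeader, loginUrl) {
  const entries = parseAccept(acceptHeader);
  const html = explicitQ(entries, 'text/html');
  const json = explicitQ(entries, 'application/json');
  // Design choice in this sketch: on a tie, text/html wins and the login flow starts.
  if (html > 0 && html >= json) {
    return { status: 302, headers: { Location: loginUrl, 'Cache-Control': 'no-store' } };
  }
  // API-style callers get a status code they can handle instead of an HTML login page.
  return { status: 401, headers: { 'WWW-Authenticate': 'Bearer realm="demo"' } };
}
```

Defaulting to 401 when Accept is missing or only a wildcard keeps scripts and XHR calls from silently following a redirect to the login page.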