11:24 p.m.
Hey everyone,
I'm trying to setup Keycloak Proxy to protect access to a legacy application. Right
now we have HTTPD setup as a reverse proxy that terminates TLS and then passes through the
request via HTTP to the legacy app. What I want to do is put the Keycloak Proxy in between
HTTPD and the app.
I've got it running, but the problem is the URL the proxy passes as the redirect url
to keycloak. It is passing an "http://" url, which then doesn't match the
configured redirect_urls in Keycloak. I'm assuming it does this since I'm using
the HTTP port on the proxy.
How can I get Keycloak Proxy to pass a redirect url with a "https://" scheme,
even when not connecting via https to the proxy itself?
Thanks,
Chris Pitman
Architect, Red Hat Consulting
12:59 a.m.
http://keycloak.github.io/docs/userguide/keycloak-server/html/server-inst...
On 7 April 2016 at 06:24, Chris Pitman <cpitman(a)redhat.com> wrote:
Hey everyone,
I'm trying to setup Keycloak Proxy to protect access to a legacy
application. Right now we have HTTPD setup as a reverse proxy that
terminates TLS and then passes through the request via HTTP to the legacy
app. What I want to do is put the Keycloak Proxy in between HTTPD and the
app.
I've got it running, but the problem is the URL the proxy passes as the
redirect url to keycloak. It is passing an "http://" url, which then
doesn't match the configured redirect_urls in Keycloak. I'm assuming it
does this since I'm using the HTTP port on the proxy.
How can I get Keycloak Proxy to pass a redirect url with a "https://"
scheme, even when not connecting via https to the proxy itself?
Thanks,
Chris Pitman
Architect, Red Hat Consulting
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
10:36 a.m.
Isn't that documentation for setting up keycloak behind a reverse proxy? I have the
keycloak appliance setup already, and can execute an OAuth flow *as long as the
redirect_uri passed by the application is correct*.
The problem is that the Keycloak Proxy is passing the wring redirect_uri to keycloak.
HTTPD is passing the x-forwarded-proto header to the proxy. And I don't believe the
proxy has a configuration file where you can modify the undertow configuration. The only
configuration I am aware of for the proxy is documented here:
http://keycloak.github.io/docs/userguide/keycloak-server/html/proxy.html#...
Am I missing something?
----- Original Message -----
http://keycloak.github.io/docs/userguide/keycloak-server/html/server-inst...
On 7 April 2016 at 06:24, Chris Pitman <cpitman(a)redhat.com> wrote:
> Hey everyone,
>
> I'm trying to setup Keycloak Proxy to protect access to a legacy
> application. Right now we have HTTPD setup as a reverse proxy that
> terminates TLS and then passes through the request via HTTP to the legacy
> app. What I want to do is put the Keycloak Proxy in between HTTPD and the
> app.
>
> I've got it running, but the problem is the URL the proxy passes as the
> redirect url to keycloak. It is passing an "http://" url, which then
> doesn't match the configured redirect_urls in Keycloak. I'm assuming it
> does this since I'm using the HTTP port on the proxy.
>
> How can I get Keycloak Proxy to pass a redirect url with a "https://"
> scheme, even when not connecting via https to the proxy itself?
>
> Thanks,
> Chris Pitman
> Architect, Red Hat Consulting
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
11:58 a.m.
On 07.04.2016 17:36, Chris Pitman wrote:
Isn't that documentation for setting up keycloak behind a reverse
proxy? I have the keycloak appliance setup already, and can execute an OAuth flow *as long
as the redirect_uri passed by the application is correct*.
The problem is that the Keycloak Proxy is passing the wring redirect_uri to keycloak.
HTTPD is passing the x-forwarded-proto header to the proxy. And I don't believe the
proxy has a configuration file where you can modify the undertow configuration. The only
configuration I am aware of for the proxy is documented here:
http://keycloak.github.io/docs/userguide/keycloak-server/html/proxy.html#...
Am I missing something?
Actually, I've seen something similar in an application I'm working on.
I didn't have time to debug it yet, but it *seems* that the Wildfly
Adapter is not recognizing the proper protocol and is building the
redirect_uri with "http" all the time.
- Juca.
12:39 p.m.
On 7 April 2016 at 17:36, Chris Pitman <cpitman(a)redhat.com> wrote:
Isn't that documentation for setting up keycloak behind a reverse
proxy? I
have the keycloak appliance setup already, and can execute an OAuth flow
*as long as the redirect_uri passed by the application is correct*.
Yep you're right, I was a bit hasty with that reply. Sorry.
The problem is that the Keycloak Proxy is passing the wring redirect_uri
to keycloak. HTTPD is passing the x-forwarded-proto header to the proxy.
And I don't believe the proxy has a configuration file where you can modify
the undertow configuration. The only configuration I am aware of for the
proxy is documented here:
http://keycloak.github.io/docs/userguide/keycloak-server/html/proxy.html#...
Can't really help you there, I've got no clue about the Keycloak Proxy
Am I missing something?
----- Original Message -----
>
http://keycloak.github.io/docs/userguide/keycloak-server/html/server-inst...
>
> On 7 April 2016 at 06:24, Chris Pitman <cpitman(a)redhat.com> wrote:
>
> > Hey everyone,
> >
> > I'm trying to setup Keycloak Proxy to protect access to a legacy
> > application. Right now we have HTTPD setup as a reverse proxy that
> > terminates TLS and then passes through the request via HTTP to the
legacy
> > app. What I want to do is put the Keycloak Proxy in between HTTPD and
the
> > app.
> >
> > I've got it running, but the problem is the URL the proxy passes as the
> > redirect url to keycloak. It is passing an "http://" url, which then
> > doesn't match the configured redirect_urls in Keycloak. I'm assuming
it
> > does this since I'm using the HTTP port on the proxy.
> >
> > How can I get Keycloak Proxy to pass a redirect url with a
"https://"
> > scheme, even when not connecting via https to the proxy itself?
> >
> > Thanks,
> > Chris Pitman
> > Architect, Red Hat Consulting
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
3181
days inactive
3181
days old
4 comments
3 participants
participants (3)
-
Chris Pitman -
Juraci Paixão Kröhling -
Stian Thorgersen