8:53 a.m.
I have a requirement to use Keycloak behind IIS where some sort of SSO
product is already integrated with IIS. Whatever this product is sets the
REMOTE_USER header. It is easy enough to write a custom authenticator for
Keycloak to use the REMOTE_USER header. However, Keycloak's Wildfly server
(or its embedded Undertow) appears to be stripping out the header.
Is there any way to configure Keycloak or its Wildfly to let the
REMOTE_USER header pass through? Or are there any clever workarounds?
Thanks in advance.
Glenn
2:55 a.m.
Not sure, but how are you retrieving the header? Did you try:
request.getHttpHeaders().getRequestHeaders().getFirst("REMOTE_USER")
Also is it the first authenticator in the flow?
On 15 September 2016 at 15:53, Glenn Campbell <campbellg(a)teds.com> wrote:
I have a requirement to use Keycloak behind IIS where some sort of
SSO
product is already integrated with IIS. Whatever this product is sets the
REMOTE_USER header. It is easy enough to write a custom authenticator for
Keycloak to use the REMOTE_USER header. However, Keycloak's Wildfly server
(or its embedded Undertow) appears to be stripping out the header.
Is there any way to configure Keycloak or its Wildfly to let the
REMOTE_USER header pass through? Or are there any clever workarounds?
Thanks in advance.
Glenn
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3005
days inactive
3010
days old
1 comments
2 participants
participants (2)
-
Glenn Campbell -
Stian Thorgersen