Hi Bill, Thank your for your answer, but I still don't seem to get Keycloak to "catch" my requests against the protected application. Let me make the scenario clear: 1. Application to be protected runs on http://localhost:*8280*/backend 2. Server proxy started and runs on http://localhost:*8080*, when I type http://localhost:8080/backend in the browser I see the protected application 3. Keycloak server runs on http://localhost:*8180*/auth 4. The adapter config in the "applications" section corresponds now the proxy client I have configured in the Keycloak realm: Client ID: proxy Client Protocol: openid-connect Access Type: confidential Valid Redirect URIs: http://localhost:8080/backend/* I am not sure how to configure the proxy Server - now I have the following: { "target-url": "*http://localhost:8280/*", ??? "send-access-token": false, "bind-address": "localhost", "http-port": "8080", ??? "applications": [ { "base-path": "*/backend*", "error-page": "/error.html", "adapter-config": { "realm": "demo", "resource": "*proxy*", "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB", "auth-server-url": "http://localhost:8180/auth", "ssl-required" : "external", "principal-attribute": "name", "credentials": { "secret": "4ef4196d-9e86-4795-9219-dc1288b87c2b" } } } ] } Questions: 1. The target-url I set it to the URL of the application the proxy server is proxying - this means the server can only proxy applications on the same URL? 2. What am I doing wrong :((((? Thanks a bunch, Adrian "Can't really see the screenshot, but you have to point keycloak to the host/port of the proxy. On 11/19/2015 9:13 AM, Adrian Matei wrote: > Hi everyone, > > I am trying to make a simple test and configure a keycloak proxy to > protect an application running on http://localhost:8280/backend/ >on looks like the following: > > { > "target-url": "http://localhost:8280/", > "send-access-token": false, > "bind-address": "localhost", > "http-port": "8080", > "applications": [ > { > "base-path": "/backend", > "error-page": "/error.html", > "adapter-config": { > "realm": "demo", > "resource": "sandbox-backend", > "realm-public-key": > "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB", > "auth-server-url": "http://localhost:8180/auth", > "ssl-required" : "external", > "credentials": { > "secret": "9323cdd6-7e0e-46ce-814f-b5ac79581395" > } > } > } > ] > } > > 2. > I've started the proxy server as specified in the documentation "java > -jar bin/launcher.jar proxy.json" > I am getting an error "ERROR: UT005026: Jetty ALPN support not found on > boot class path, SPDY client will not be available.", but the server > still starts, I don't think there should be a problem with that... > > 3. In the admin console (keycloak running on port 8180) I've configured > the backend application like the following: > > Could you tell me what I am doing wrong? When I put in the app's url in > the browser it goes directly to the application... > > Thanks, > Adrian" _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user