1:17 p.m.
Hi,
When I try to login to master realm, I’am redirected back to login page.
I’m using:
Wildfly 8.2.0.Final
Keycloak version 1.1.0-Beta2
Apache2 as proxy server.
Here is my apache configuration
IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName accounts.e-karton.net <http://accounts.e-karton.net/>
ErrorLog ${APACHE_LOG_DIR}/accounts.e-karton.net
<http://accounts.e-karton.net/>-error.log
CustomLog ${APACHE_LOG_DIR}/accounts.e-karton.net
<http://accounts.e-karton.net/>-access.log combined
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
…SSL stuff omitted
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|ico|png)$ \ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ \no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|ico|png)$ \ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ \no-gzip dont-vary
SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/htmles
# Turn off support for true Proxy behaviour as we are acting as
# a transparent proxy
ProxyRequests Off
# Turn off VIA header as we know where the requests are proxied
ProxyVia Off
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "https"
SSLProxyEngine on
<Proxy *>
AddDefaultCharset Off
Order deny,allow
Allow from all
</Proxy>
ProxyPass / ajp://192.168.5.17:8009/ <ajp://192.168.5.17:8009/>
ProxyPassReverse / ajp://192.168.5.17:8009/ <ajp://192.168.5.17:8009/>
</VirtualHost>
</IfModule>
Wildfly configuration:
<subsystem xmlns="urn:jboss:domain:undertow:1.2">
<buffer-cache name="default"/>
<server name="default-server">
<ajp-listener name="ajp" scheme="https"
socket-binding="ajp"/>
<http-listener name="default"
certificate-forwarding="true" socket-binding="http"
proxy-address-forwarding="true"/>
<host name="default-host" alias="localhost">
<location name="/"
handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
</host>
<host name="accounts" alias="accounts.e-karton.net
<http://accounts.e-karton.net/>"
default-web-module="auth-server.war"/>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<file name="welcome-content"
path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
<response-header name="server-header"
header-name="Server" header-value="WildFly/8"/>
<response-header name="x-powered-by-header"
header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
Keycloak jboss-web.xml
<?xml version="1.0"?>
<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 5.0//EN"
"http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd
<http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd>">
<jboss-web>
<context-root>/</context-root>
<virtual-host>accounts</virtual-host>
</jboss-web>
Can anyone help me with this?
12:17 a.m.
Does it work if you bypass the proxy?
----- Original Message -----
From: "Marko Radinovic" <markoradinovic79(a)gmail.com>
To: keycloak-user(a)lists.jboss.org
Sent: Tuesday, 20 January, 2015 8:17:41 PM
Subject: [keycloak-user] Always redirected to login form
Hi,
When I try to login to master realm, I’am redirected back to login page.
I’m using:
Wildfly 8.2.0.Final
Keycloak version 1.1.0-Beta2
Apache2 as proxy server.
Here is my apache configuration
IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName accounts.e-karton.net
ErrorLog ${APACHE_LOG_DIR}/ accounts.e-karton.net -error.log
CustomLog ${APACHE_LOG_DIR}/ accounts.e-karton.net -access.log combined
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
…SSL stuff omitted
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|ico|png)$ \ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ \no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|ico|png)$ \ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ \no-gzip dont-vary
SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/htmles
# Turn off support for true Proxy behaviour as we are acting as
# a transparent proxy
ProxyRequests Off
# Turn off VIA header as we know where the requests are proxied
ProxyVia Off
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "https"
SSLProxyEngine on
<Proxy *>
AddDefaultCharset Off
Order deny,allow
Allow from all
</Proxy>
ProxyPass / ajp://192.168.5.17:8009/
ProxyPassReverse / ajp://192.168.5.17:8009/
</VirtualHost>
</IfModule>
Wildfly configuration:
<subsystem xmlns="urn:jboss:domain:undertow:1.2">
<buffer-cache name="default"/>
<server name="default-server">
<ajp-listener name="ajp" scheme="https"
socket-binding="ajp"/>
<http-listener name="default" certificate-forwarding="true"
socket-binding="http" proxy-address-forwarding="true"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
</host>
<host name="accounts" alias=" accounts.e-karton.net "
default-web-module="auth-server.war"/>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<file name="welcome-content"
path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
<response-header name="server-header" header-name="Server"
header-value="WildFly/8"/>
<response-header name="x-powered-by-header"
header-name="X-Powered-By"
header-value="Undertow/1"/>
</filters>
</subsystem>
Keycloak jboss-web.xml
<?xml version="1.0"?>
<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 5.0//EN" "
http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd ">
<jboss-web>
<context-root>/</context-root>
<virtual-host>accounts</virtual-host>
</jboss-web>
Can anyone help me with this?
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
4:58 p.m.
Hi,
I tried without proxy server, but it’s not working.
When I navigate to admin console
http://accounts.e-karton.net:8081/admin/maste/console
<http://accounts.e-karton.net:8081/admin/maste/console>
I’m redirected to
http://accounts.e-karton.net:8081//realms/master/tokens/login?client_id=s...
<http://accounts.e-karton.net:8081//realms/master/tokens/login?client_id=s...
Redirect url is invalid because of appended “/“. Now I’m getting this in log:
2015-01-21 15:07:32,193 WARN [org.jboss.resteasy.core.ExceptionHandler] (default task-63)
failed to execute: javax.ws.rs.NotFoundException: Could not find resource for full path:
http://accounts.e-karton.net:8081//realms/master/tokens/login?client_id=s...
<http://accounts.e-karton.net:8081//realms/master/tokens/login?client_id=s...
The same thing is happening when using proxy server, but there is nothing in log file.
How can I prevent this?
Thank you.
On Jan 21, 2015, at 7:17 AM, Stian Thorgersen
<stian(a)redhat.com> wrote:
Does it work if you bypass the proxy?
----- Original Message -----
> From: "Marko Radinovic" <markoradinovic79(a)gmail.com>
> To: keycloak-user(a)lists.jboss.org
> Sent: Tuesday, 20 January, 2015 8:17:41 PM
> Subject: [keycloak-user] Always redirected to login form
>
> Hi,
> When I try to login to master realm, I’am redirected back to login page.
>
> I’m using:
> Wildfly 8.2.0.Final
> Keycloak version 1.1.0-Beta2
> Apache2 as proxy server.
>
> Here is my apache configuration
>
> IfModule mod_ssl.c>
> <VirtualHost _default_:443>
> ServerName accounts.e-karton.net
>
> ErrorLog ${APACHE_LOG_DIR}/ accounts.e-karton.net -error.log
> CustomLog ${APACHE_LOG_DIR}/ accounts.e-karton.net -access.log combined
>
> SSLEngine on
> SSLProtocol all -SSLv2
> SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
>
> …SSL stuff omitted
>
>
> BrowserMatch "MSIE [2-6]" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
> # MSIE 7 and newer should be able to use keepalive
> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
>
>
> SetOutputFilter DEFLATE
> SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|ico|png)$ \ no-gzip dont-vary
> SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ \no-gzip dont-vary
> SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|ico|png)$ \ no-gzip dont-vary
> SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ \no-gzip dont-vary
> SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
>
> BrowserMatch ^Mozilla/4 gzip-only-text/html
> BrowserMatch ^Mozilla/4\.0[678] no-gzip
> BrowserMatch \bMSIE !no-gzip !gzip-only-text/htmles
>
> # Turn off support for true Proxy behaviour as we are acting as
> # a transparent proxy
> ProxyRequests Off
>
> # Turn off VIA header as we know where the requests are proxied
> ProxyVia Off
> ProxyPreserveHost On
> RequestHeader set X-Forwarded-Proto "https"
> SSLProxyEngine on
> <Proxy *>
> AddDefaultCharset Off
> Order deny,allow
> Allow from all
> </Proxy>
>
>
> ProxyPass / ajp://192.168.5.17:8009/
> ProxyPassReverse / ajp://192.168.5.17:8009/
> </VirtualHost>
> </IfModule>
>
>
> Wildfly configuration:
>
> <subsystem xmlns="urn:jboss:domain:undertow:1.2">
> <buffer-cache name="default"/>
> <server name="default-server">
> <ajp-listener name="ajp" scheme="https"
socket-binding="ajp"/>
> <http-listener name="default" certificate-forwarding="true"
> socket-binding="http" proxy-address-forwarding="true"/>
> <host name="default-host" alias="localhost">
> <location name="/" handler="welcome-content"/>
> <filter-ref name="server-header"/>
> <filter-ref name="x-powered-by-header"/>
> </host>
> <host name="accounts" alias=" accounts.e-karton.net "
> default-web-module="auth-server.war"/>
> </server>
> <servlet-container name="default">
> <jsp-config/>
> <websockets/>
> </servlet-container>
> <handlers>
> <file name="welcome-content"
path="${jboss.home.dir}/welcome-content"/>
> </handlers>
> <filters>
> <response-header name="server-header" header-name="Server"
> header-value="WildFly/8"/>
> <response-header name="x-powered-by-header"
header-name="X-Powered-By"
> header-value="Undertow/1"/>
> </filters>
> </subsystem>
>
> Keycloak jboss-web.xml
>
> <?xml version="1.0"?>
> <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 5.0//EN"
"
> http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd ">
> <jboss-web>
> <context-root>/</context-root>
> <virtual-host>accounts</virtual-host>
> </jboss-web>
>
> Can anyone help me with this?
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
8:39 p.m.
Can anyone help me with this?
When I use virtualhost configuration it doesn’t work, when I disable virtualhost
everything is fine.
I tried every possible combination that I can think off, but still isn’t working.
Thanks
On Jan 21, 2015, at 11:58 PM, Marko Radinovic
<markoradinovic79(a)gmail.com> wrote:
Hi,
I tried without proxy server, but it’s not working.
When I navigate to admin console
http://accounts.e-karton.net:8081/admin/maste/console
<http://accounts.e-karton.net:8081/admin/maste/console>
I’m redirected to
http://accounts.e-karton.net:8081//realms/master/tokens/login?client_id=s...
<http://accounts.e-karton.net:8081//realms/master/tokens/login?client_id=s...
Redirect url is invalid because of appended “/“. Now I’m getting this in log:
2015-01-21 15:07:32,193 WARN [org.jboss.resteasy.core.ExceptionHandler] (default
task-63) failed to execute: javax.ws.rs.NotFoundException: Could not find resource for
full path:
http://accounts.e-karton.net:8081//realms/master/tokens/login?client_id=s...
<http://accounts.e-karton.net:8081//realms/master/tokens/login?client_id=s...
The same thing is happening when using proxy server, but there is nothing in log file.
How can I prevent this?
Thank you.
> On Jan 21, 2015, at 7:17 AM, Stian Thorgersen <stian(a)redhat.com
<mailto:stian@redhat.com>> wrote:
>
> Does it work if you bypass the proxy?
>
> ----- Original Message -----
>> From: "Marko Radinovic" <markoradinovic79(a)gmail.com
<mailto:markoradinovic79@gmail.com>>
>> To: keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
>> Sent: Tuesday, 20 January, 2015 8:17:41 PM
>> Subject: [keycloak-user] Always redirected to login form
>>
>> Hi,
>> When I try to login to master realm, I’am redirected back to login page.
>>
>> I’m using:
>> Wildfly 8.2.0.Final
>> Keycloak version 1.1.0-Beta2
>> Apache2 as proxy server.
>>
>> Here is my apache configuration
>>
>> IfModule mod_ssl.c>
>> <VirtualHost _default_:443>
>> ServerName accounts.e-karton.net <http://accounts.e-karton.net/>
>>
>> ErrorLog ${APACHE_LOG_DIR}/ accounts.e-karton.net
<http://accounts.e-karton.net/> -error.log
>> CustomLog ${APACHE_LOG_DIR}/ accounts.e-karton.net
<http://accounts.e-karton.net/> -access.log combined
>>
>> SSLEngine on
>> SSLProtocol all -SSLv2
>> SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
>>
>> …SSL stuff omitted
>>
>>
>> BrowserMatch "MSIE [2-6]" \
>> nokeepalive ssl-unclean-shutdown \
>> downgrade-1.0 force-response-1.0
>> # MSIE 7 and newer should be able to use keepalive
>> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
>>
>>
>> SetOutputFilter DEFLATE
>> SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|ico|png)$ \ no-gzip dont-vary
>> SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ \no-gzip dont-vary
>> SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|ico|png)$ \ no-gzip dont-vary
>> SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ \no-gzip dont-vary
>> SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
>>
>> BrowserMatch ^Mozilla/4 gzip-only-text/html
>> BrowserMatch ^Mozilla/4\.0[678] no-gzip
>> BrowserMatch \bMSIE !no-gzip !gzip-only-text/htmles
>>
>> # Turn off support for true Proxy behaviour as we are acting as
>> # a transparent proxy
>> ProxyRequests Off
>>
>> # Turn off VIA header as we know where the requests are proxied
>> ProxyVia Off
>> ProxyPreserveHost On
>> RequestHeader set X-Forwarded-Proto "https"
>> SSLProxyEngine on
>> <Proxy *>
>> AddDefaultCharset Off
>> Order deny,allow
>> Allow from all
>> </Proxy>
>>
>>
>> ProxyPass / ajp://192.168.5.17:8009/ <ajp://192.168.5.17:8009/>
>> ProxyPassReverse / ajp://192.168.5.17:8009/ <ajp://192.168.5.17:8009/>
>> </VirtualHost>
>> </IfModule>
>>
>>
>> Wildfly configuration:
>>
>> <subsystem xmlns="urn:jboss:domain:undertow:1.2">
>> <buffer-cache name="default"/>
>> <server name="default-server">
>> <ajp-listener name="ajp" scheme="https"
socket-binding="ajp"/>
>> <http-listener name="default"
certificate-forwarding="true"
>> socket-binding="http" proxy-address-forwarding="true"/>
>> <host name="default-host" alias="localhost">
>> <location name="/" handler="welcome-content"/>
>> <filter-ref name="server-header"/>
>> <filter-ref name="x-powered-by-header"/>
>> </host>
>> <host name="accounts" alias=" accounts.e-karton.net
<http://accounts.e-karton.net/> "
>> default-web-module="auth-server.war"/>
>> </server>
>> <servlet-container name="default">
>> <jsp-config/>
>> <websockets/>
>> </servlet-container>
>> <handlers>
>> <file name="welcome-content"
path="${jboss.home.dir}/welcome-content"/>
>> </handlers>
>> <filters>
>> <response-header name="server-header"
header-name="Server"
>> header-value="WildFly/8"/>
>> <response-header name="x-powered-by-header"
header-name="X-Powered-By"
>> header-value="Undertow/1"/>
>> </filters>
>> </subsystem>
>>
>> Keycloak jboss-web.xml
>>
>> <?xml version="1.0"?>
>> <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 5.0//EN"
"
>> http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd
<http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd> ">
>> <jboss-web>
>> <context-root>/</context-root>
>> <virtual-host>accounts</virtual-host>
>> </jboss-web>
>>
>> Can anyone help me with this?
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
3638
days inactive
3641
days old
3 comments
2 participants
participants (2)
-
Marko Radinovic -
Stian Thorgersen