10:34 p.m.
Hi all,
I need to configure Keycloak to work behind Reverse Proxy with Network Address
Translation
I have servers that have the external IP to access from a browser and internal IP for
inter process access.
Also, it is not possible to access from internal IPs to external IPs.
Therefore, the following configuration should be returned upon the call of
http://<external
IP>/auth/realms/master/.well-known/openid-configuration<http://%3cexternal%20IP%3e/auth/realms/master/.well-known/openid-configuration>:
"issuer":"http://<external
IP>/auth/realms/master<http://%3cexternal%20IP%3e/auth/realms/master>",
"authorization_endpoint":"http://<external
IP>/auth/realms/master/protocol/openid-connect/auth<http://%3cexternal%20IP%3e/auth/realms/master/protocol/openid-connect/auth>",
"token_endpoint":"http://<internal
IP>/auth/realms/master/protocol/openid-connect/token<http://%3cinternal%20IP%3e/auth/realms/master/protocol/openid-connect/token>",
"userinfo_endpoint":"http://<internal
IP>/auth/realms/master/protocol/openid-connect/userinfo<http://%3cinternal%20IP%3e/auth/realms/master/protocol/openid-connect/userinfo>",
"jwks_uri":"http://<internal
IP>/auth/realms/master/protocol/openid-connect/certs<http://%3cinternal%20IP%3e/auth/realms/master/protocol/openid-connect/certs>",
"end_session_endpoint":"http://<external
IP>/auth/realms/master/protocol/openid-connect/logout<http://%3cexternal%20IP%3e/auth/realms/master/protocol/openid-connect/logout>",
"check_session_iframe":"http://<external
IP>/auth/realms/master/protocol/openid-connect/login-status-iframe.html<http://%3cexternal%20IP%3e/auth/realms/master/protocol/openid-connect/login-status-iframe.html>",
"token_introspection_endpoint":"http://<internal
IP>/auth/realms/master/protocol/openid-connect/token/introspect<http://%3cinternal%20IP%3e/auth/realms/master/protocol/openid-connect/token/introspect>",
Will happy for any insights.
Michael
12:12 a.m.
See
https://keycloak.gitbooks.io/server-installation-and-configuration/conten...
On 28 November 2016 at 05:34, Michael Furman <michael_furman(a)hotmail.com>
wrote:
Hi all,
I need to configure Keycloak to work behind Reverse Proxy with Network
Address Translation
I have servers that have the external IP to access from a browser and
internal IP for inter process access.
Also, it is not possible to access from internal IPs to external IPs.
Therefore, the following configuration should be returned upon the call of
http://<external IP>/auth/realms/master/.well-known/openid-configuration<
http://%3cexternal%20IP%3e/auth/realms/master/.well-
known/openid-configuration>:
"issuer":"http://<external IP>/auth/realms/master<http://
%3cexternal%20IP%3e/auth/realms/master>",
"authorization_endpoint":"http://<external
IP>/auth/realms/master/
protocol/openid-connect/auth<http://%3cexternal%20IP%3e/
auth/realms/master/protocol/openid-connect/auth>",
"token_endpoint":"http://<internal IP>/auth/realms/master/
protocol/openid-connect/token<http://%3cinternal%20IP%3e/
auth/realms/master/protocol/openid-connect/token>",
"userinfo_endpoint":"http://<internal IP>/auth/realms/master/
protocol/openid-connect/userinfo<http://%3cinternal%
20IP%3e/auth/realms/master/protocol/openid-connect/userinfo>",
"jwks_uri":"http://<internal IP>/auth/realms/master/
protocol/openid-connect/certs<http://%3cinternal%20IP%3e/
auth/realms/master/protocol/openid-connect/certs>",
"end_session_endpoint":"http://<external IP>/auth/realms/master/
protocol/openid-connect/logout<http://%3cexternal%
20IP%3e/auth/realms/master/protocol/openid-connect/logout>",
"check_session_iframe":"http://<external IP>/auth/realms/master/
protocol/openid-connect/login-status-iframe.html<http://%
3cexternal%20IP%3e/auth/realms/master/protocol/openid-
connect/login-status-iframe.html>",
"token_introspection_endpoint":"http://<internal
IP>/auth/realms/master/
protocol/openid-connect/token/introspect<http://%3cinternal%
20IP%3e/auth/realms/master/protocol/openid-connect/token/introspect>",
Will happy for any insights.
Michael
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3282
days inactive
3286
days old
1 comments
2 participants
participants (2)
-
Michael Furman -
Stian Thorgersen