Hi,
So far, for the sake of the demo, I have configured all the involved
containers to have net: "host" so they share the same IP, and also
configured a port offset for the keycloak server. This way, localhost maps
to both containers (apiman and keycloak).
This is not a solution, but at least a workaround for now, and I think a
solution should come from Keycloak.
Also, I noticed that if I have the keycloak server running in a docker
container on port 8080 and I have it mapped externally to port 8081, then
the same problem arises.
This could be tested with the official keycloak docker images available at
http://jboss.org/docker with the following command (*if they worked*):

    docker run -it --rm -p 8081:8080 -p 9090:9090 jboss/keycloak-examples

2015-01-21 12:23 GMT+01:00 Stian Thorgersen <stian(a)redhat.com>:
----- Original Message -----
> From: "Jorge Morales Pou" <jorgemoralespou(a)gmail.com>
> To: keycloak-user(a)lists.jboss.org
> Sent: Wednesday, 21 January, 2015 10:43:52 AM
> Subject: [keycloak-user] Keycloak server securing wildfly in docker containers
>
> Hi,
> I have a scenario for Keycloak that I'm not able to solve in an easy way, so
> any help will be more than appreciated.
>
> In apiman ( http://www.apiman.io ) we are using Keycloak for securing the
> apiman rest endpoints. We are in the process of creating some demos with
> docker and for that one of the demos is having keycloak as a separate server
> to which the wildfly instances holding the apiman rest endpoint will
> redirect for authentication.
> So far, I've configured in these wildfly instances the auth-server-url to be
> the keycloak server. Internal communication to this server is resolved by
> name, as it is docker links providing the accessibility, but this is an
> "internal ip to docker".
> The problem comes when I try to log into the secured resource, and I get a
> redirection to this "internal" ip, which my browser cannot access, so I get
> an error.
>
> Is there a way to:
>
> a) Use a different URL for browser redirection than for internal redirection?
> b) Use a different redirection strategy?
> c) Do it in any other way?
I'm currently looking into a solution to this; exactly how it'll work I
haven't figured out yet. Should have something more concrete in a few
weeks. Is this urgent for you or can it wait?
If you have any suggestions please let me know.
>
> Thanks for any help you can provide on this.