[keycloak-dev] Reverse Proxy Docs (and general logging)

[Evan Shortiss]

Hi folks,

I was working on Keycloak Node.js demo this morning and couldn't figure out
why it was incorrectly constructing my *redirect_uri* for a public client.
Instead of using HTTPS it was using HTTP - my application was served over
HTTPS.

I thought it was might be a bug in keycloak-connect, but turns out it's
related to the "trust proxy" setting in express. This is fine, it makes
sense to use standard Node.js/Express environment settings to manage this 👍

My question is: should debug logging be added in the adapter to help debug
such issues? If I could have run my project with a
*DEBUG=keycloak-connect* environment
variable set and had logs such as those below it could have been helpful.

I think it's also worth adding commented a line to the Node.js example(s)
with "trust proxy" set to "true", and a comment above explaining you need
to uncomment it if behind a reverse proxy. I'm not sure if the various Java
example(s) require a similar setting/comment.

When I Googled I didn't find any hits in the Keycloak docs for "reverse
proxy" so might be worth a docs update too?

keycloak-connect:protect - creating login url
keycloak-connect:protect - incoming request.protocol is "http"
keycloak-connect:protect - WARNING request.protocol is "http" but
"x-forwarded-proto"
is "https", "trust proxy" setting might be incorrectly set
keycloak-connect:protect - login url is $SOME_URL

-- 

Evan Shortiss

Technical Marketing Manager

Red Hat NA <https://www.redhat.com/>

Los Angeles

evan.shortiss at redhat.com
M: +1-781-354-2834     IM: evanshortiss
<https://www.redhat.com/>