[keycloak-user] keycloak proxy server
Chen Keong Yap
chenkeong.yap at izeno.com
Wed Feb 18 08:49:35 EST 2015
Steps 4 and 5 are not happening.
On Feb 18, 2015 9:19 PM, "Bill Burke" <bburke at redhat.com> wrote:
> This is what is happening:
>
> * Keycloak server is deployed at https://192.168.1.10:8443/auth
> * Keycloak proxy is deployed at localhost:8080
> * Customer portal is deployed at localhost:8082
>
> 1. Browser visits proxy
> 2. proxy sees browser is logged in, redirects to keycloak
> 3. Keycloak logs browser in, redirects back to proxy
> 4. proxy makes an out-of-band request to customer portal
> 5. proxy copies response from customer portal and returns it to browser
>
> Which step is not happening?
>
> On 2/18/2015 2:32 AM, Chen Keong Yap wrote:
>
>> Hi,
>>
>> Yes. I think the Keycloak proxy is quite similar to the Apache web proxy.
>> The only difference is that the Apache web proxy can reverse proxy for an
>> app hosted on a different IP and port, whereas the Keycloak proxy server
>> seems to force the app to run on the same IP and port. I have tried
>> changing the base-path and target-url to use a different IP and port, but
>> it does not work. Kindly share your opinions.
>>
>> On Feb 18, 2015 11:27 AM, "Bill Burke" <bburke at redhat.com> wrote:
>>
>> All browser HTTP requests go through the proxy. Your browser is never
>> redirected to the actual application. The actual application should be
>> behind a firewall or some other mechanism. It's the same concept as
>> using Apache HTTPD in front of an application.
>>
>> On 2/17/2015 4:34 PM, Chen Keong Yap wrote:
>> > Hi,
>> >
>> > Are there any updates? The app is protected by the proxy, but after
>> > login is successful it is not redirected back to the app and stays at
>> > the proxy URL.
>> >
>> > On Feb 17, 2015 4:54 PM, "Chen Keong Yap" <chenkeong.yap at izeno.com> wrote:
>> >
>> > Hi,
>> >
>> > When I access my app from http://localhost:8080/customer-portal, it
>> > was redirected to the Keycloak login page
>> > (https://192.168.1.10:8443/auth). After login is successful, the
>> > request is redirected back to http://localhost:8080/customer-portal
>> > instead of http://localhost:9080/customer-portal. Can someone advise
>> > what's wrong with the settings?
>> >
>> > keycloak proxy server hosted on localhost:8080
>> >
>> > customer-portal application hosted on localhost:9080
>> >
>> > proxy.json configuration shown below.
>> >
>> > {
>> > "target-url": "http://localhost:8082",
>> > "bind-address": "localhost",
>> > "http-port": "8080",
>> > "https-port": "8443",
>> > "keystore": "classpath:ssl.jks",
>> > "keystore-password": "password",
>> > "key-password": "password",
>> > "send-access-token": true,
>> > "applications": [
>> > {
>> > "base-path": "/customer-portal",
>> > "error-page": "/error.html",
>> > "adapter-config": {
>> > "realm": "demo",
>> > "resource": "customer-portal",
>> > "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
>> > "auth-server-url": "https://192.168.1.10:8443/auth",
>> > "ssl-required" : "external",
>> > "enable-cors" : true,
>> > "principal-attribute": "KEYCLOAK_NAME",
>> > "credentials": {
>> > "secret": "password"
>> > }
>> > }
>> > ,
>> > "constraints": [
>> > {
>> > "pattern": "/users/*",
>> > "roles-allowed": [
>> > "user"
>> > ]
>> > },
>> > {
>> > "pattern": "/*",
>> > "roles-allowed": [
>> > "user"
>> > ]
>> > },
>> > {
>> > "pattern": "/call-bearer/*",
>> > "roles-allowed": [
>> > "user"
>> > ]
>> > },
>> > {
>> > "pattern": "/bearer/*",
>> > "roles-allowed": [
>> > "user"
>> > ]
>> > },
>> > {
>> > "pattern": "/admins/*",
>> > "roles-allowed": [
>> > "admin"
>> > ]
>> > },
>> > {
>> > "pattern": "/users/permit",
>> > "permit": true
>> > },
>> > {
>> > "pattern": "/users/deny",
>> > "deny": true
>> > }
>> > ]
>> > }
>> > ]
>> >
>> >
>> > }
>> >
>> >
>> >
>> > _______________________________________________
>> > keycloak-user mailing list
>> > keycloak-user at lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>> >
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>>
>>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
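
A diagnostic for the situation in this thread, where the proxy's out-of-band request (steps 4 and 5) never produces a response: it compares `target-url` in proxy.json with the address the application is actually running on and checks that something is listening there. This is an added example, not code from the thread or from Keycloak; `check_proxy_config`, `endpoint` and `is_listening` are hypothetical helper names, the application address is the one given in the original question, and the config is a constructed excerpt of the quoted proxy.json.

```python
import json
import socket
from urllib.parse import urlsplit

# Constructed excerpt of the proxy.json quoted in the thread (secrets omitted).
SAMPLE_CONFIG = json.loads("""
{
  "target-url": "http://localhost:8082",
  "bind-address": "localhost",
  "http-port": "8080",
  "applications": [{"base-path": "/customer-portal"}]
}
""")

def endpoint(url):
    """Return (host, port) for a URL, filling in the scheme's default port."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.hostname, port

def is_listening(host, port, timeout=2.0):
    """True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_proxy_config(config, app_url, probe=is_listening):
    """Compare target-url with where the app really runs; return findings."""
    findings = []
    target = endpoint(config["target-url"])
    actual = endpoint(app_url)
    proxy = (config.get("bind-address", "localhost"), int(config["http-port"]))
    if target != actual:
        findings.append(f"target-url points at {target[0]}:{target[1]} "
                        f"but the app is at {actual[0]}:{actual[1]}")
    if target == proxy:
        findings.append("target-url is the proxy's own listener (forwarding loop)")
    if not probe(*target):
        findings.append(f"nothing accepts connections on {target[0]}:{target[1]}")
    return findings

if __name__ == "__main__":
    # Application address as stated in the original question (assumption).
    for line in check_proxy_config(SAMPLE_CONFIG, "http://localhost:9080"):
        print("WARN:", line)
```

Run it on the host where the proxy is deployed, so the TCP probe follows the same network path as the proxy's own request to the application.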