[keycloak-user] Proxy configuration issue (Bill Burke)

Bill Burke bburke at redhat.com
Fri Nov 20 10:09:59 EST 2015


That all looks right.  What are the problems you are seeing?  I don't 
see them listed explicitly in this email thread.

On 11/20/2015 6:31 AM, Adrian Matei wrote:
> Hi Bill,
>
> Thank your for your answer, but I still don't seem to get Keycloak to
> "catch" my requests against the protected application.
> Let me make the scenario clear:
>
> 1. Application to be protected runs on http://localhost:*8280*/backend
>
> 2. Server proxy started and runs on http://localhost:*8080*, when I type
> http://localhost:8080/backend in the browser I see the protected application
>
> 3. Keycloak server runs on http://localhost:*8180*/auth
>
> 4. The adapter config in the "applications" section corresponds now the
> proxy client I have  configured in the Keycloak realm:
>
>     Client ID: proxy
>
>     Client Protocol: openid-connect
>     Access Type: confidential
>     Valid Redirect URIs: http://localhost:8080/backend/*
>
>
> I am not sure how to configure the proxy Server - now I have the following:
> {
>      "target-url": "*http://localhost:8280/*", ???
>      "send-access-token": false,
>      "bind-address": "localhost",
>      "http-port": "8080", ???
>      "applications": [
>          {
>              "base-path": "*/backend*",
>              "error-page": "/error.html",
>              "adapter-config": {
>                  "realm": "demo",
>                  "resource": "*proxy*",
>                  "realm-public-key":
> "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
>                  "auth-server-url": "http://localhost:8180/auth",
>                  "ssl-required" : "external",
>                  "principal-attribute": "name",
>                  "credentials": {
>                      "secret": "4ef4196d-9e86-4795-9219-dc1288b87c2b"
>                  }
>              }
>          }
>      ]
> }
> Questions:
> 1. The target-url I set it to the URL of the application the proxy
> server is proxying - this means the server can only proxy applications
> on the same URL?
> 2. What am I doing wrong :((((?
>
>
> Thanks a bunch,
> Adrian
>
> "Can't really see the screenshot, but you have to point keycloak to the
> host/port of the proxy.
>
> On 11/19/2015 9:13 AM, Adrian Matei wrote:
>  > Hi everyone,
>  >
>  > I am trying to make a simple test and configure a keycloak proxy to
>  > protect an application running on http://localhost:8280/backend/
>
>      >on looks like the following:
>      >
>      > {
>      >      "target-url": "http://localhost:8280/",
>      >      "send-access-token": false,
>      >      "bind-address": "localhost",
>      >      "http-port": "8080",
>      >      "applications": [
>      >          {
>      >              "base-path": "/backend",
>      >              "error-page": "/error.html",
>      >              "adapter-config": {
>      >                  "realm": "demo",
>      >                  "resource": "sandbox-backend",
>      >                  "realm-public-key":
>      >
>     "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
>      >                  "auth-server-url": "http://localhost:8180/auth",
>      >                  "ssl-required" : "external",
>      >                  "credentials": {
>      >                      "secret": "9323cdd6-7e0e-46ce-814f-b5ac79581395"
>      >                  }
>      >              }
>      >          }
>      >      ]
>      > }
>      >
>      > 2.
>      > I've started the proxy server as specified in the documentation "java
>      > -jar bin/launcher.jar proxy.json"
>      > I am getting an error "ERROR: UT005026: Jetty ALPN support not
>     found on
>      > boot class path, SPDY client will not be available.", but the server
>      > still starts, I don't think there should be a problem with that...
>      >
>      > 3. In the admin console (keycloak running on port 8180) I've
>     configured
>      > the backend application like the following:
>      >
>      > Could you tell me what I am doing wrong? When I put in the app's
>     url in
>      > the browser it goes directly to the application...
>      >
>      > Thanks,
>      > Adrian"
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


More information about the keycloak-user mailing list