[keycloak-user] Using Keycloak Proxy behind a TLS terminating reverse proxy

[Chris Pitman]

Isn't that documentation for setting up keycloak behind a reverse proxy? I have the keycloak appliance setup already, and can execute an OAuth flow *as long as the redirect_uri passed by the application is correct*.

The problem is that the Keycloak Proxy is passing the wring redirect_uri to keycloak. HTTPD is passing the x-forwarded-proto header to the proxy. And I don't believe the proxy has a configuration file where you can modify the undertow configuration. The only configuration I am aware of for the proxy is documented here: http://keycloak.github.io/docs/userguide/keycloak-server/html/proxy.html#d4e3464

Am I missing something?

----- Original Message -----
> http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e397
> 
> On 7 April 2016 at 06:24, Chris Pitman <cpitman at redhat.com> wrote:
> 
> > Hey everyone,
> >
> > I'm trying to setup Keycloak Proxy to protect access to a legacy
> > application. Right now we have HTTPD setup as a reverse proxy that
> > terminates TLS and then passes through the request via HTTP to the legacy
> > app. What I want to do is put the Keycloak Proxy in between HTTPD and the
> > app.
> >
> > I've got it running, but the problem is the URL the proxy passes as the
> > redirect url to keycloak. It is passing an "http://" url, which then
> > doesn't match the configured redirect_urls in Keycloak. I'm assuming it
> > does this since I'm using the HTTP port on the proxy.
> >
> > How can I get Keycloak Proxy to pass a redirect url with a "https://"
> > scheme, even when not connecting via https to the proxy itself?
> >
> > Thanks,
> > Chris Pitman
> > Architect, Red Hat Consulting
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>