[keycloak-user] Using Keycloak Proxy behind a TLS terminating reverse proxy

Stian Thorgersen sthorger at redhat.com
Thu Apr 7 13:39:16 EDT 2016


On 7 April 2016 at 17:36, Chris Pitman <cpitman at redhat.com> wrote:

> Isn't that documentation for setting up keycloak behind a reverse proxy? I
> have the keycloak appliance setup already, and can execute an OAuth flow
> *as long as the redirect_uri passed by the application is correct*.
>

Yep you're right, I was a bit hasty with that reply. Sorry.


>
> The problem is that the Keycloak Proxy is passing the wring redirect_uri
> to keycloak. HTTPD is passing the x-forwarded-proto header to the proxy.
> And I don't believe the proxy has a configuration file where you can modify
> the undertow configuration. The only configuration I am aware of for the
> proxy is documented here:
> http://keycloak.github.io/docs/userguide/keycloak-server/html/proxy.html#d4e3464


Can't really help you there, I've got no clue about the Keycloak Proxy


>
>
> Am I missing something?
>
> ----- Original Message -----
> >
> http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e397
> >
> > On 7 April 2016 at 06:24, Chris Pitman <cpitman at redhat.com> wrote:
> >
> > > Hey everyone,
> > >
> > > I'm trying to setup Keycloak Proxy to protect access to a legacy
> > > application. Right now we have HTTPD setup as a reverse proxy that
> > > terminates TLS and then passes through the request via HTTP to the
> legacy
> > > app. What I want to do is put the Keycloak Proxy in between HTTPD and
> the
> > > app.
> > >
> > > I've got it running, but the problem is the URL the proxy passes as the
> > > redirect url to keycloak. It is passing an "http://" url, which then
> > > doesn't match the configured redirect_urls in Keycloak. I'm assuming it
> > > does this since I'm using the HTTP port on the proxy.
> > >
> > > How can I get Keycloak Proxy to pass a redirect url with a "https://"
> > > scheme, even when not connecting via https to the proxy itself?
> > >
> > > Thanks,
> > > Chris Pitman
> > > Architect, Red Hat Consulting
> > >
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160407/014b8507/attachment.html 


More information about the keycloak-user mailing list