[keycloak-user] Issue Configuring HTTP Reverse Proxy to Keycloak
Stian Thorgersen
sthorger at redhat.com
Fri Dec 2 00:13:45 EST 2016
Do you preserve the original Host header or does your proxy replace it?
On 9 November 2016 at 20:58, Colin Ritchie <colin.ritchie at tasktop.com>
wrote:
> Hello,
>
> I am having trouble getting keycloak to work behind a reverse proxy.
>
> I have installed Keycloak on the same server as our existing web
> application running in Tomcat, with keycloak listening on 8081 and Tomcat
> listening on 8080. I have configured an HTTP reverse proxy in Tomcat
> using https://github.com/mitre/HTTP-Proxy-Servlet. I am forwarding /auth
> to the reverse proxy, which in turns connects to keycloak (
> http://localhost:8081/auth).
>
> When I visit "http://localhost:8080/auth", the first page in this scenario
> works: the "Welcome to Keycloak" page appears. But when I click on the
> "Administration Console" link, the first redirect works, to
> "/auth/admin/master/console". But it then quickly redirects the browser
> directly to the keycloak port:
>
> http://localhost:*8081*/auth/realms/master/protocol/openid-
> connect/auth?client_id=security-admin-console&redirect_uri=http%3A%2F%
> 2Flocalhost%3A8080%2Fauth%2Fadmin%2Fmaster%2Fconsole%2F&
> state=a36dd30e-6268-4545-9a4f-a397169917b6&nonce=79d7099d-
> 10df-471f-96e9-b13a8da17b55&response_mode=fragment&
> response_type=code&scope=
> openid
>
> The reverse proxy sets the X-Forwarded-For and X-Forwarded-Proto headers.
> And I have configured keycloak according to https://keycloak.gitbooks.
> io/server-installation-and-configuration/content/topics/
> clustering/load-balancer.html, setting the proxy-address-forwarding
> attribute.
>
> I am also seeing, on the final redirected page, the error "Invalid
> parameter: redirect_uri".
>
> Any help would be very appreciated.
>
> --
> *Colin Ritchie **|* *Engineering Manager* *|* *Tasktop Technologies*
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list