[keycloak-user] How to configure Keycloak in case of Reverse Proxy with NAT?
Stian Thorgersen
sthorger at redhat.com
Fri Dec 2 01:12:15 EST 2016
See
https://keycloak.gitbooks.io/server-installation-and-configuration/content/topics/clustering/load-balancer.html
On 28 November 2016 at 05:34, Michael Furman <michael_furman at hotmail.com>
wrote:
> Hi all,
> I need to configure Keycloak to work behind Reverse Proxy with Network
> Address Translation
> I have servers that have the external IP to access from a browser and
> internal IP for inter process access.
> Also, it is not possible to access from internal IPs to external IPs.
>
> Therefore, the following configuration should be returned upon the call of
> http://<external IP>/auth/realms/master/.well-known/openid-configuration<
> http://%3cexternal%20IP%3e/auth/realms/master/.well-
> known/openid-configuration>:
>
> "issuer":"http://<external IP>/auth/realms/master<http://
> %3cexternal%20IP%3e/auth/realms/master>",
> "authorization_endpoint":"http://<external IP>/auth/realms/master/
> protocol/openid-connect/auth<http://%3cexternal%20IP%3e/
> auth/realms/master/protocol/openid-connect/auth>",
> "token_endpoint":"http://<internal IP>/auth/realms/master/
> protocol/openid-connect/token<http://%3cinternal%20IP%3e/
> auth/realms/master/protocol/openid-connect/token>",
> "userinfo_endpoint":"http://<internal IP>/auth/realms/master/
> protocol/openid-connect/userinfo<http://%3cinternal%
> 20IP%3e/auth/realms/master/protocol/openid-connect/userinfo>",
> "jwks_uri":"http://<internal IP>/auth/realms/master/
> protocol/openid-connect/certs<http://%3cinternal%20IP%3e/
> auth/realms/master/protocol/openid-connect/certs>",
> "end_session_endpoint":"http://<external IP>/auth/realms/master/
> protocol/openid-connect/logout<http://%3cexternal%
> 20IP%3e/auth/realms/master/protocol/openid-connect/logout>",
> "check_session_iframe":"http://<external IP>/auth/realms/master/
> protocol/openid-connect/login-status-iframe.html<http://%
> 3cexternal%20IP%3e/auth/realms/master/protocol/openid-
> connect/login-status-iframe.html>",
> "token_introspection_endpoint":"http://<internal IP>/auth/realms/master/
> protocol/openid-connect/token/introspect<http://%3cinternal%
> 20IP%3e/auth/realms/master/protocol/openid-connect/token/introspect>",
>
> Will happy for any insights.
> Michael
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list