[keycloak-user] Behind a reverse proxy using context path

Stian Thorgersen sthorger at redhat.com
Wed Jan 13 08:44:13 EST 2016


Looks like it may be a bug caused by context-path on the server being
different than context-path on the reverse proxy.

Try setting web-context for urn:jboss:domain:keycloak-server:1.1 in
standalone.xml to "sso". If that works please create a bug.

On 13 January 2016 at 14:27, Andy Yar <andyyar66 at gmail.com> wrote:

> Hello,
> I'm stuck with Keycloak 1.7.0 Final on WildFly 9 behind a reverse proxy
> (nginx). The WildFly is configured for proxying according to the Keycloak
> guide and the proxy sends the needed custom HTTP headers.
>
> I have a public SSL secured domain and nginx proxying requests to internal
> WildFly server. I would like to use URL: https://domain.foo/sso/ to
> access the Keycloak (internal WildFly). I guess the context path (sso/) is
> important here.
>
> Accessing the address I can reach the Keycloak default welcome page.
> However, a GET https://domain.foo/sso/admin results in 302 to Location:
> https://domain.foo/admin/master/console/. Obviously this redirect fails
> because its Location misses the needed context path (sso/). Adding the
> context path to a request manually results in a 200 but following resources
> fail to download because of the missing context path part of URL.
>
> Is my configuration wrong? Is there a way how the original base URL can be
> set? Is it even possible to have it behind a reverse proxy not running at
> root context? Is the origin detection broken?
>
> Thanks in advance
> Andy
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160113/21455df8/attachment.html 


More information about the keycloak-user mailing list