[keycloak-user] Fwd: Re: Redirection issue with proxy behind keycloak

Aritz Maeztu amaeztu at tesicnor.com
Wed Jun 8 11:15:58 EDT 2016


Hello, any advice on this?


03/06/2016 14:20(e)an, Aritz Maeztu igorleak idatzi zuen:
>
> Hi all,
>
> Good work with the sample project Scott, it's a proper isolated code 
> where we might easily see what's going on. My previous problem was 
> nearly solved, it only keeps happening with FF, when user isn't logged 
> in[0].
>
> Scott, I've got no reason to avoid other traditional HTTP proxies, all 
> of this is because I'm a bit of newbie in this kind of topics about 
> distributed environments and having chosen the Spring Cloud utility I 
> thought I could implement everything I needed using Zuul. So that's 
> the design I was thinking in for production:
>
> Browser request -> Zuul proxy (80) -> UI Service (8099 and accesses 
> other services using the keycloak rest template) -> Backbone services 
> (80xx). They call each other using the keycloak rest template
>
> Mobile app request -> Zuul proxy (80) -> Backbone services (80xx). 
> They call each other using the keycloak rest template
>
> I've declared each backbone service in Keycloak as confidential 
> because that way I can access the service directly through the 
> browser. Like you say, it might be a properer option to use 
> bearer-only access, but how could I deal with the UI Service? This 
> could be a choice according to what you say, not adding any other proxy:
>
> Browser request -> UI Service (80)  -> Zuul proxy (8765) -> Backbone 
> services (80xx). They call each other using the keycloak rest template
>
> The only drawback I can think about this design is the case of needing 
> to have more UI replicas, I would need to manage them myself? If I add 
> a proxy on the top of it could I have it talking with Eureka to know 
> where the different instances of the UI Service are?
>
> Thanks!
>
>
> [0]https://github.com/xtremebiker/zuul-keycloak-test/pull/1
>
>
> 03/06/2016 6:05(e)an, Scott Rossillo igorleak idatzi zuen:
>> Hi Aritz,
>>
>> Your sample project was very helpful to understand the problems 
>> you’re facing with Zuul as a proxy server. I spent some time 
>> investigating and I’ve sent you a pull request[0] that will get your 
>> sample working.
>>
>> That being said, please do read the "Cookies and Sensitive Headers” 
>> documentation from Spring Cloud Netflix[1]. This applies to anyone 
>> thinking of using Zuul as a stateful proxy server. Zuul was designed 
>> by Netflix to proxy stateless services. In the Keycloak world, these 
>> would be clients with an access type of bearer-only.
>>
>> I'd strongly recommend against this setup in production. You could 
>> continue to use Zuul for stateless services but anything requiring an 
>> interactive login should really be behind a more traditional HTTP 
>> proxy (e.g. Nginx, Apache, etc).
>>
>> If you disagree, can you tell us the reason you’d want to proxy a 
>> stateful service with Zuul?
>>
>> Hope this helps clear things up a bit.
>>
>> Best,
>> Scott
>>
>> [0]: https://github.com/xtremebiker/zuul-keycloak-test/pull/1
>> [1]: 
>> http://cloud.spring.io/spring-cloud-netflix/spring-cloud-netflix.html
>>
>> Scott Rossillo
>> Smartling | Senior Software Engineer
>> srossillo at smartling.com
>>
>>> On Jun 2, 2016, at 4:08 PM, Aritz Maeztu <amaeztu at tesicnor.com> wrote:
>>>
>>> Hi Scott and all,
>>>
>>> Tried removing the tomcat adapter from my project, it was my mistake 
>>> putting it with the Spring Security one, all together. Thanks for 
>>> the link to the question, it was a question I made in SO some time 
>>> ago and your answer worked that time. However, even I leave 
>>> /sso/login unprotected by Spring Security, the same behaviour 
>>> happens. So I tried creating a sample scenario from scratch and I 
>>> can reproduce the issue. Here it is, three maven projects, the 
>>> service discovery (Eureka), the proxy service (Zuul) and the sample 
>>> secured service:
>>>
>>> https://github.com/xtremebiker/zuul-keycloak-test
>>>
>>> The keycloak.json file in the secured service should be replaced by 
>>> the one for your client, of course. And here there is a filter 
>>> declaration that can be made in Spring Boot to show the request 
>>> dumper for Tomcat:
>>>
>>> http://stackoverflow.com/questions/23325389/spring-boot-enable-http-requests-logging/37523922#37523922
>>>
>>> The steps to reproduce it are:
>>>
>>> 1- Boot the three projects
>>>
>>> 2- Wait till the two services are registered in Eureka and navigate 
>>> to localhost:8765/secured-service/path
>>>
>>> 3- After logging in in Keycloak, the port changes to 8083
>>>
>>> I'll continue struggling and see if I can figure it out myself.
>>>
>>> Regards
>>>
>>>
>>> 31/05/2016 22:56(e)an, Scott Rossillo igorleak idatzi zuen:
>>>> Hi Artiz,
>>>>
>>>> If you’re using the Tomcat adapter and Spring Security adapter 
>>>> together, they may be interfering with each other. I’m not saying 
>>>> this is the problem you’re having but I’d avoid using both adapters 
>>>> together.
>>>>
>>>> Please also take a look at this Stack Overflow answer[0] related to 
>>>> redirect issues. If none of this helps I’ll try to debug with 
>>>> Eureka and Zuul.
>>>>
>>>> [0]: 
>>>> http://stackoverflow.com/questions/33543672/keycloak-redirects-me-to-my-index-url-instead-of-to-the-requested-one?answertab=votes#tab-top
>>>>
>>>> Scott Rossillo
>>>> Smartling | Senior Software Engineer
>>>> srossillo at smartling.com
>>>>
>>>>> On May 31, 2016, at 4:00 PM, Aritz Maeztu <amaeztu at tesicnor.com> 
>>>>> wrote:
>>>>>
>>>>> Hello Scott,
>>>>>
>>>>> I've got the spring security and tomcat keycloak adapters both as 
>>>>> a project dependency for each service (as I'm running the services 
>>>>> in Tomcat 8 embedded servers). Basically I want to base my 
>>>>> security in Spring Security, that's why I chose this adapter over 
>>>>> the Spring Boot adapter.
>>>>>
>>>>> As the behaviour states, a redirection is made first to the 
>>>>> /sso/login endpoint, then other one to the keycloak authorization 
>>>>> server. The question is, as a redirection is a mere instruction 
>>>>> stated from the server to the browser, which chances do I have to 
>>>>> send the original x-forwarded headers to the keycloak 
>>>>> authorization server, so that it can make the redirection to the 
>>>>> url requested at the very beginning (to the reverse proxy)?
>>>>>
>>>>> I could implement a playground scenario for you if you happen to 
>>>>> require it.
>>>>>
>>>>> Many thanks
>>>>>
>>>>>
>>>>> 31/05/2016 20:14(e)an, Scott Rossillo igorleak idatzi zuen:
>>>>>> Hi Artiz,
>>>>>>
>>>>>> So just to be clear, which Keycloak adapter are you using? The 
>>>>>> Spring Boot Adapter or the Spring Security Adapter?
>>>>>>
>>>>>> Scott Rossillo
>>>>>> Smartling | Senior Software Engineer
>>>>>> srossillo at smartling.com
>>>>>>
>>>>>>> On May 31, 2016, at 3:13 AM, Aritz Maeztu <amaeztu at tesicnor.com> 
>>>>>>> wrote:
>>>>>>>
>>>>>>> I've got some Spring Boot application instances with embeded 
>>>>>>> Tomcat servlet containers. Tomcat has a similar system to 
>>>>>>> Wildfly for request dumpering, that's what I have enabled for 
>>>>>>> getting the trace below. In short words that's the behaviour I'm 
>>>>>>> able to see:
>>>>>>>
>>>>>>> 1. Zuul Proxy (Spring Boot in Tomcat) -> Organization Service 
>>>>>>> (8083 port) : A forward request where X-forwarded headers are 
>>>>>>> included
>>>>>>>
>>>>>>> 2. Organization Service (localhost:8083) : Looks for a token and 
>>>>>>> if it's not available, the keycloak adapter redirects to the 
>>>>>>> /sso/login of the same service (Here the traceability from the 
>>>>>>> proxy gets losts)
>>>>>>>
>>>>>>> 3. localhost:8083/sso/login: Redirects to the keycloak wildfly 
>>>>>>> server, saving the requested url
>>>>>>>
>>>>>>> 4. Keycloak login: The user performs the authentication and the 
>>>>>>> redirectUri is localhost:8083/sso/login. Later on, the login 
>>>>>>> endpoint redirects the user to the url requested in point 2, not 
>>>>>>> the first one from the proxy.
>>>>>>>
>>>>>>> I only have this problem when my organization service needs to 
>>>>>>> verify the token (or a token doesn't exist) using the keycloak 
>>>>>>> adapter. When the /sso/login endpoint is not requested, 
>>>>>>> everything is working properly. Hope I've explained it well!
>>>>>>>
>>>>>>>
>>>>>>> 31/05/2016 7:15(e)an, Stian Thorgersen igorleak idatzi zuen:
>>>>>>>> Where is your app deployed? If it's on WildFly you can follow 
>>>>>>>> the same steps used to configure reverse proxy for Keycloak 
>>>>>>>> Server to configure WildFly. Check if getRequestURL returns the 
>>>>>>>> correct URL in your app.
>>>>>>>>
>>>>>>>> On 30 May 2016 at 15:08, Aritz Maeztu<amaeztu at tesicnor.com>wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>     -------- Birbidalitako mezua --------
>>>>>>>>     Gaia: 	Re: [keycloak-user] Redirection issue with proxy
>>>>>>>>     behind keycloak
>>>>>>>>     Data: 	Mon, 30 May 2016 13:28:21 +0200
>>>>>>>>     Nork: 	Aritz Maeztu<amaeztu at tesicnor.com>
>>>>>>>>     Nori: 	stian at redhat.com
>>>>>>>>     CC: 	Niels Bertram<nielsbne at gmail.com>,
>>>>>>>>     keycloak-user<keycloak-user at lists.jboss.org>, Scott
>>>>>>>>     Rossillo<srossillo at smartling.com>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>     I've done all the traceability from the proxy server till
>>>>>>>>     the login page is displayed:
>>>>>>>>
>>>>>>>>     First step, /organization/organizations is requested, so
>>>>>>>>     the proxy server knows it has to be forwarded to the 8083
>>>>>>>>     port (the one for the organization service). That's the
>>>>>>>>     first request received by my application's Tomcat:
>>>>>>>>
>>>>>>>>     2016-05-30 13:01:18.888 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 START TIME =30-may-2016 13:01:18
>>>>>>>>     2016-05-30 13:01:18.888 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 requestURI=/organizations
>>>>>>>>     2016-05-30 13:01:18.888 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 authType=null
>>>>>>>>     2016-05-30 13:01:18.888 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 characterEncoding=UTF-8
>>>>>>>>     2016-05-30 13:01:18.888 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 contentLength=-1
>>>>>>>>     2016-05-30 13:01:18.888 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 contentType=null
>>>>>>>>     2016-05-30 13:01:18.888 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 contextPath=
>>>>>>>>     2016-05-30 13:01:18.888 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 header=accept-language=es-ES,es;q=0.8
>>>>>>>>     2016-05-30 13:01:18.888 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 header=x-forwarded-host=mies-057:8765
>>>>>>>>     2016-05-30 13:01:18.888 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 header=x-forwarded-prefix=/organization
>>>>>>>>     2016-05-30 13:01:18.888 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 header=upgrade-insecure-requests=1
>>>>>>>>     2016-05-30 13:01:18.888 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 header=accept-encoding=gzip
>>>>>>>>     2016-05-30 13:01:18.888 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9
>>>>>>>>     header=accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
>>>>>>>>     2016-05-30 13:01:18.889 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 header=user-agent=Mozilla/5.0 (Windows
>>>>>>>>     NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
>>>>>>>>     Chrome/50.0.2661.102 Safari/537.36
>>>>>>>>     2016-05-30 13:01:18.889 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 header=netflix.nfhttpclient.version=1.0
>>>>>>>>     2016-05-30 13:01:18.889 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9
>>>>>>>>     header=x-netflix-httpclientname=organization
>>>>>>>>     2016-05-30 13:01:18.889 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 header=host=mies-057:8083
>>>>>>>>     2016-05-30 13:01:18.889 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 header=connection=Keep-Alive
>>>>>>>>     2016-05-30 13:01:18.889 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 locale=es_ES
>>>>>>>>     2016-05-30 13:01:18.889 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 method=GET
>>>>>>>>     2016-05-30 13:01:18.889 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 pathInfo=null
>>>>>>>>     2016-05-30 13:01:18.889 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 protocol=HTTP/1.1
>>>>>>>>     2016-05-30 13:01:18.889 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 queryString=null
>>>>>>>>     2016-05-30 13:01:18.889 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 remoteAddr=192.168.56.1
>>>>>>>>     2016-05-30 13:01:18.889 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 remoteHost=192.168.56.1
>>>>>>>>     2016-05-30 13:01:18.889 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 remoteUser=null
>>>>>>>>     2016-05-30 13:01:18.890 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 requestedSessionId=null
>>>>>>>>     2016-05-30 13:01:18.890 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 scheme=http
>>>>>>>>     2016-05-30 13:01:18.890 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 serverName=mies-057
>>>>>>>>     2016-05-30 13:01:18.890 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 serverPort=8083
>>>>>>>>     2016-05-30 13:01:18.890 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 servletPath=/organizations
>>>>>>>>     2016-05-30 13:01:18.891 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 isSecure=false
>>>>>>>>     2016-05-30 13:01:18.891 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9
>>>>>>>>     ------------------=--------------------------------------------
>>>>>>>>
>>>>>>>>     Here x-forwarded-host is mies-057:8765 (the proxy server)
>>>>>>>>     and x-forwarded-prefix is /organization. So the original
>>>>>>>>     request is kept in the headers. Well, now my service (8083)
>>>>>>>>     tries to check for authorization via the /sso/login
>>>>>>>>     endpoint from the keycloak spring security adapter:
>>>>>>>>
>>>>>>>>     2016-05-30 13:01:18.892 DEBUG 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.k.a.s.management.HttpSessionManager    : Session created:
>>>>>>>>     CDCA7AD4439DE94BD0B3B5803DAA0752
>>>>>>>>     2016-05-30 13:01:18.892 DEBUG 18096 --- [nio-8083-exec-9]
>>>>>>>>     k.a.s.a.KeycloakAuthenticationEntryPoint : Redirecting to
>>>>>>>>     login URI /sso/login
>>>>>>>>     2016-05-30 13:01:18.892 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9
>>>>>>>>     ------------------=--------------------------------------------
>>>>>>>>     2016-05-30 13:01:18.892 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 authType=null
>>>>>>>>     2016-05-30 13:01:18.892 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 contentType=null
>>>>>>>>     2016-05-30 13:01:18.892 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 header=X-Content-Type-Options=nosniff
>>>>>>>>     2016-05-30 13:01:18.892 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 header=X-XSS-Protection=1; mode=block
>>>>>>>>     2016-05-30 13:01:18.892 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 header=Cache-Control=no-cache,
>>>>>>>>     no-store, max-age=0, must-revalidate
>>>>>>>>     2016-05-30 13:01:18.892 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 header=Pragma=no-cache
>>>>>>>>     2016-05-30 13:01:18.892 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 header=Expires=0
>>>>>>>>     2016-05-30 13:01:18.893 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 header=X-Frame-Options=DENY
>>>>>>>>     2016-05-30 13:01:18.893 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9
>>>>>>>>     header=Set-Cookie=JSESSIONID=CDCA7AD4439DE94BD0B3B5803DAA0752;
>>>>>>>>     Path=/; HttpOnly
>>>>>>>>     2016-05-30 13:01:18.893 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9
>>>>>>>>     header=Location=http://mies-057:8083/sso/login
>>>>>>>>     2016-05-30 13:01:18.893 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 remoteUser=null
>>>>>>>>     2016-05-30 13:01:18.893 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 status=302
>>>>>>>>     2016-05-30 13:01:18.893 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9 END TIME =30-may-2016 13:01:18
>>>>>>>>     2016-05-30 13:01:18.893 INFO 18096 --- [nio-8083-exec-9]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-9
>>>>>>>>     ===============================================================
>>>>>>>>     2016-05-30 13:01:18.902 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 START TIME =30-may-2016 13:01:18
>>>>>>>>     2016-05-30 13:01:18.902 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 requestURI=/sso/login
>>>>>>>>     2016-05-30 13:01:18.902 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 authType=null
>>>>>>>>     2016-05-30 13:01:18.902 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 characterEncoding=UTF-8
>>>>>>>>     2016-05-30 13:01:18.902 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 contentLength=-1
>>>>>>>>     2016-05-30 13:01:18.902 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 contentType=null
>>>>>>>>     2016-05-30 13:01:18.902 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 contextPath=
>>>>>>>>     2016-05-30 13:01:18.902 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10
>>>>>>>>     cookie=JSESSIONID=CDCA7AD4439DE94BD0B3B5803DAA0752
>>>>>>>>     2016-05-30 13:01:18.902 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 header=host=mies-057:8083
>>>>>>>>     2016-05-30 13:01:18.903 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 header=connection=keep-alive
>>>>>>>>     2016-05-30 13:01:18.903 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10
>>>>>>>>     header=accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
>>>>>>>>     2016-05-30 13:01:18.903 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 header=upgrade-insecure-requests=1
>>>>>>>>     2016-05-30 13:01:18.903 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 header=user-agent=Mozilla/5.0
>>>>>>>>     (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like
>>>>>>>>     Gecko) Chrome/50.0.2661.102 Safari/537.36
>>>>>>>>     2016-05-30 13:01:18.903 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 header=accept-encoding=gzip, deflate,
>>>>>>>>     sdch
>>>>>>>>     2016-05-30 13:01:18.903 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 header=accept-language=es-ES,es;q=0.8
>>>>>>>>     2016-05-30 13:01:18.903 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10
>>>>>>>>     header=cookie=JSESSIONID=CDCA7AD4439DE94BD0B3B5803DAA0752
>>>>>>>>     2016-05-30 13:01:18.903 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 locale=es_ES
>>>>>>>>     2016-05-30 13:01:18.903 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 method=GET
>>>>>>>>     2016-05-30 13:01:18.903 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 pathInfo=null
>>>>>>>>     2016-05-30 13:01:18.903 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 protocol=HTTP/1.1
>>>>>>>>     2016-05-30 13:01:18.904 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 queryString=null
>>>>>>>>     2016-05-30 13:01:18.904 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 remoteAddr=192.168.56.1
>>>>>>>>     2016-05-30 13:01:18.904 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 remoteHost=192.168.56.1
>>>>>>>>     2016-05-30 13:01:18.904 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 remoteUser=null
>>>>>>>>     2016-05-30 13:01:18.904 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10
>>>>>>>>     requestedSessionId=CDCA7AD4439DE94BD0B3B5803DAA0752
>>>>>>>>     2016-05-30 13:01:18.904 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 scheme=http
>>>>>>>>     2016-05-30 13:01:18.904 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 serverName=mies-057
>>>>>>>>     2016-05-30 13:01:18.904 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 serverPort=8083
>>>>>>>>     2016-05-30 13:01:18.904 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 servletPath=/sso/login
>>>>>>>>     2016-05-30 13:01:18.904 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10 isSecure=false
>>>>>>>>     2016-05-30 13:01:18.904 INFO 18096 --- [io-8083-exec-10]
>>>>>>>>     o.a.c.filters.RequestDumperFilter        :
>>>>>>>>     http-nio-8083-exec-10
>>>>>>>>     ------------------=--------------------------------------------
>>>>>>>>     2016-05-30 13:01:18.904 DEBUG 18096 --- [io-8083-exec-10]
>>>>>>>>     o.k.adapters.PreAuthActionsHandler       :
>>>>>>>>     adminRequesthttp://mies-057:8083/sso/login
>>>>>>>>     2016-05-30 13:01:18.904 DEBUG 18096 --- [io-8083-exec-10]
>>>>>>>>     f.KeycloakAuthenticationProcessingFilter : Request is to
>>>>>>>>     process authentication
>>>>>>>>     2016-05-30 13:01:18.904 DEBUG 18096 --- [io-8083-exec-10]
>>>>>>>>     f.KeycloakAuthenticationProcessingFilter : Attempting
>>>>>>>>     Keycloak authentication
>>>>>>>>     2016-05-30 13:01:18.904 TRACE 18096 --- [io-8083-exec-10]
>>>>>>>>     o.k.adapters.RequestAuthenticator        : --> authenticate()
>>>>>>>>     2016-05-30 13:01:18.904 TRACE 18096 --- [io-8083-exec-10]
>>>>>>>>     o.k.adapters.RequestAuthenticator        : try bearer
>>>>>>>>     2016-05-30 13:01:18.904 TRACE 18096 --- [io-8083-exec-10]
>>>>>>>>     o.k.adapters.RequestAuthenticator        : try oauth
>>>>>>>>     2016-05-30 13:01:18.905 DEBUG 18096 --- [io-8083-exec-10]
>>>>>>>>     o.k.a.s.token.SpringSecurityTokenStore   : Checking if
>>>>>>>>     org.keycloak.adapters.springsecurity.authentication.SpringSecurityRequestAuthenticator at d328c2d
>>>>>>>>     is cached
>>>>>>>>     2016-05-30 13:01:18.905 DEBUG 18096 --- [io-8083-exec-10]
>>>>>>>>     o.k.adapters.OAuthRequestAuthenticator   : there was no code
>>>>>>>>     2016-05-30 13:01:18.905 DEBUG 18096 --- [io-8083-exec-10]
>>>>>>>>     o.k.adapters.OAuthRequestAuthenticator   : redirecting to
>>>>>>>>     auth server
>>>>>>>>     2016-05-30 13:01:18.905 DEBUG 18096 --- [io-8083-exec-10]
>>>>>>>>     o.k.adapters.OAuthRequestAuthenticator   : callback
>>>>>>>>     uri:http://mies-057:8083/sso/login
>>>>>>>>     2016-05-30 13:01:18.905 DEBUG 18096 --- [io-8083-exec-10]
>>>>>>>>     f.KeycloakAuthenticationProcessingFilter : Auth outcome:
>>>>>>>>     NOT_ATTEMPTED
>>>>>>>>     2016-05-30 13:01:18.905 DEBUG 18096 --- [io-8083-exec-10]
>>>>>>>>     o.k.adapters.OAuthRequestAuthenticator   : Sending redirect
>>>>>>>>     to login
>>>>>>>>     page:http://mies-057.tesicnor.com:8080/auth/realms/master/protocol/openid-connect/auth?response_type=code&client_id=organization&redirect_uri=http%3A%2F%2Fmies-057%3A8083%2Fsso%2Flogin&state=1%2F21d709ec-1e69-41c5-ac6d-c705f8ce3907&login=true
>>>>>>>>
>>>>>>>>     As it's shown in the logs, the X-forwarded logs are not
>>>>>>>>     kept by the keycloak adapter (look at the lines
>>>>>>>>     belowk.a.s.a.KeycloakAuthenticationEntryPoint : Redirecting
>>>>>>>>     to login URI /sso/login). So could it be the proxy server
>>>>>>>>     itself being properly configured but the keycloak adapter
>>>>>>>>     losing the original headers while performing the redirection?
>>>>>>>>
>>>>>>>>     I've also set up the request dumper in the undertow server
>>>>>>>>     as Niels suggested, but obviously, X-forwarded headers are
>>>>>>>>     not reaching the keycloak server..
>>>>>>>>
>>>>>>>>     Thanks for your time, again ;-)
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>     25/05/2016 7:22(e)an, Stian Thorgersen igorleak idatzi zuen:
>>>>>>>>>     You need the Host and X-Forwarded-For headers to be
>>>>>>>>>     included and there's also some config to be done on the
>>>>>>>>>     Keycloak server (see
>>>>>>>>>     http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#proxy-address-forwarding)
>>>>>>>>>
>>>>>>>>>     On 24 May 2016 at 08:46, Aritz
>>>>>>>>>     Maeztu<amaeztu at tesicnor.com>wrote:
>>>>>>>>>
>>>>>>>>>         Hi Niels and Scott. First of all, thank you very much
>>>>>>>>>         for your help. I'm currently using Zuul (Spring Cloud)
>>>>>>>>>         as the reverse proxy. All the services are registered
>>>>>>>>>         in a discovery service called Eureka and then Zuul
>>>>>>>>>         looks for the service id there and performs de
>>>>>>>>>         redirection. I read aboutX-Forwarded headers, but I
>>>>>>>>>         thought it might result in a security issue if not
>>>>>>>>>         included, not that it could affect the redirection
>>>>>>>>>         process.
>>>>>>>>>
>>>>>>>>>         As Scott says, I suppose the Host and the X-Real-Ip
>>>>>>>>>         headers are the relevant ones here, so I guess I
>>>>>>>>>         should instruct Zuul to send them when the service is
>>>>>>>>>         addressed (however I wonder why they are not already
>>>>>>>>>         being sent, as Zuul is a proxy service, all in all).
>>>>>>>>>
>>>>>>>>>         Here I include a preview of the first redirection made
>>>>>>>>>         to the keycloak login page, which shows the request
>>>>>>>>>         headers sent to the service /login endpoint (at port
>>>>>>>>>         8081 in localhost):
>>>>>>>>>
>>>>>>>>>         https://www.dropbox.com/s/iof9yefytzay6j2/screenshot.PNG?dl=0
>>>>>>>>>
>>>>>>>>>         24/05/2016 2:08(e)an, Niels Bertram igorleak idatzi zuen:
>>>>>>>>>>         Hi Artitz,
>>>>>>>>>>
>>>>>>>>>>         a great way to figure out what is sent from the
>>>>>>>>>>         reverse proxy to your keycloak server is to use the
>>>>>>>>>>         undertow request dumper.
>>>>>>>>>>
>>>>>>>>>>         From the jboss-cli just add the request dumper filter
>>>>>>>>>>         to your undertow configuration like this:
>>>>>>>>>>
>>>>>>>>>>         $KC_HOME/bin/jbpss-cli.sh -c
>>>>>>>>>>
>>>>>>>>>>         /subsystem=undertow/configuration=filter/custom-filter=request-dumper:add(class-name=io.undertow.server.handlers.RequestDumpingHandler,
>>>>>>>>>>         module=io.undertow.core)
>>>>>>>>>>
>>>>>>>>>>         /subsystem=undertow/server=default-server/host=default-host/filter-ref=request-dumper:add
>>>>>>>>>>
>>>>>>>>>>         /:reload
>>>>>>>>>>
>>>>>>>>>>         given your apache config looks something like this:
>>>>>>>>>>
>>>>>>>>>>         ProxyRequests Off
>>>>>>>>>>         ProxyPreserveHost On
>>>>>>>>>>         ProxyVia On
>>>>>>>>>>
>>>>>>>>>>         ProxyPass /auth ajp://127.0.0.1:8009/auth
>>>>>>>>>>         <http://127.0.0.1:8009/auth>
>>>>>>>>>>         ProxyPassReverse /auth ajp://127.0.0.1:8009/auth
>>>>>>>>>>         <http://127.0.0.1:8009/auth>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>         you should see something like that (forwared info is
>>>>>>>>>>         somewhat rubbish in this example as I am running the
>>>>>>>>>>         hosts on Virtualbox - but you can see this request
>>>>>>>>>>         was put through 2 proxies from local pc 192.168.33.1
>>>>>>>>>>         to haproxy on 192.168.33.80 and then apache reverse
>>>>>>>>>>         proxy on 192.168.33.81 ):
>>>>>>>>>>
>>>>>>>>>>         ==============================================================
>>>>>>>>>>         23:47:20,563 INFO  [io.undertow.request.dump]
>>>>>>>>>>         (default task-14)
>>>>>>>>>>         ----------------------------REQUEST---------------------------
>>>>>>>>>>          URI=/auth/welcome-content/favicon.ico
>>>>>>>>>>          characterEncoding=null
>>>>>>>>>>          contentLength=-1
>>>>>>>>>>          contentType=null
>>>>>>>>>>         header=Accept=*/*
>>>>>>>>>>         header=Accept-Language=en-US,en;q=0.8,de;q=0.6
>>>>>>>>>>         header=Cache-Control=no-cache
>>>>>>>>>>         header=Accept-Encoding=gzip, deflate, sdch
>>>>>>>>>>         header=DNT=1
>>>>>>>>>>         header=Pragma=no-cache
>>>>>>>>>>         header=X-Original-To=192.168.33.80
>>>>>>>>>>         header=User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64)
>>>>>>>>>>         AppleWebKit/537.36 (KHTML, like Gecko)
>>>>>>>>>>         Chrome/50.0.2661.102 Safari/537.36
>>>>>>>>>>         header=Authorization=Basic
>>>>>>>>>>         bmljZSB0cnkgYnV0IGFtIG5vdCBmcm9tIHllc3RlcmRheQo=
>>>>>>>>>>         header=X-Forwarded-Proto=https
>>>>>>>>>>         header=X-Forwarded-Port=443
>>>>>>>>>>         header=X-Forwarded-For=192.168.33.1
>>>>>>>>>>         header=Referer=https://login.vagrant.dev/auth/
>>>>>>>>>>         header=Host=login.vagrant.dev
>>>>>>>>>>         locale=[en_US, en, de]
>>>>>>>>>>         method=GET
>>>>>>>>>>         protocol=HTTP/1.1
>>>>>>>>>>          queryString=
>>>>>>>>>>         remoteAddr=192.168.33.1:0 <http://192.168.33.1:0/>
>>>>>>>>>>         remoteHost=192.168.33.1
>>>>>>>>>>         scheme=https
>>>>>>>>>>         host=login.vagrant.dev
>>>>>>>>>>         serverPort=443
>>>>>>>>>>         --------------------------RESPONSE--------------------------
>>>>>>>>>>          contentLength=627
>>>>>>>>>>          contentType=application/octet-stream
>>>>>>>>>>         header=Cache-Control=max-age=2592000
>>>>>>>>>>         header=X-Powered-By=Undertow/1
>>>>>>>>>>         header=Server=WildFly/10
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>         Hope this helps diagnosing your issue. Niels
>>>>>>>>>>
>>>>>>>>>>         On Tue, May 24, 2016 at 1:20 AM, Aritz
>>>>>>>>>>         Maeztu<amaeztu at tesicnor.com>wrote:
>>>>>>>>>>
>>>>>>>>>>             I'm using keycloak to securize some Spring based
>>>>>>>>>>             services (with the keycloak spring security
>>>>>>>>>>             adapter). The adapter creates a `/login` endpoint
>>>>>>>>>>             in each of the services which redirects to the
>>>>>>>>>>             keycloak login page and then redirects back to
>>>>>>>>>>             the service when authentication is done. I also
>>>>>>>>>>             have a proxy service which I want to publish in
>>>>>>>>>>             the 80 port and will take care of routing all the
>>>>>>>>>>             requests to each service. The proxy performs a
>>>>>>>>>>             plain FORWARD to the service, but the problem
>>>>>>>>>>             comes when I securize the service with the
>>>>>>>>>>             keycloak adapter.
>>>>>>>>>>
>>>>>>>>>>             When I make a request, the adapter redirects to
>>>>>>>>>>             its login endpoint and then to the keycloak auth
>>>>>>>>>>             url. When keycloak sends the redirection, the url
>>>>>>>>>>             shown in the browser is the one from the service
>>>>>>>>>>             and not the one from the proxy. Do I have some
>>>>>>>>>>             choice to tell the adapter I want to redirect
>>>>>>>>>>             back to the first requested url?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>             --
>>>>>>>>>>             Aritz Maeztu Otaño
>>>>>>>>>>             Departamento Desarrollo de Software 	<Mail
>>>>>>>>>>             Attachment.gif>
>>>>>>>>>>             <https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES>
>>>>>>>>>>
>>>>>>>>>>             <Mail Attachment.png> <http://www.tesicnor.com/> 	
>>>>>>>>>>
>>>>>>>>>>             Pol. Ind. Mocholi.C/Rio Elorz, Nave 13E31110
>>>>>>>>>>             Noain (Navarra)
>>>>>>>>>>             Telf.: 948 21 40 40
>>>>>>>>>>             Fax.: 948 21 40 41
>>>>>>>>>>
>>>>>>>>>>             Antes de imprimir este e-mail piense bien si es
>>>>>>>>>>             necesario hacerlo: El medioambiente es cosa de
>>>>>>>>>>             todos.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>             _______________________________________________
>>>>>>>>>>             keycloak-user mailing list
>>>>>>>>>>             keycloak-user at lists.jboss.org
>>>>>>>>>>             https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>         --
>>>>>>>>>         Aritz Maeztu Otaño
>>>>>>>>>         Departamento Desarrollo de Software 	<Mail
>>>>>>>>>         Attachment.gif>
>>>>>>>>>         <https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES>
>>>>>>>>>
>>>>>>>>>         <Mail Attachment.png> <http://www.tesicnor.com/> 	
>>>>>>>>>
>>>>>>>>>         Pol. Ind. Mocholi.C/Rio Elorz, Nave 13E31110 Noain
>>>>>>>>>         (Navarra)
>>>>>>>>>         Telf.: 948 21 40 40
>>>>>>>>>         Fax.: 948 21 40 41
>>>>>>>>>
>>>>>>>>>         Antes de imprimir este e-mail piense bien si es
>>>>>>>>>         necesario hacerlo: El medioambiente es cosa de todos.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>         _______________________________________________
>>>>>>>>>         keycloak-user mailing list
>>>>>>>>>         keycloak-user at lists.jboss.org
>>>>>>>>>         https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>     --
>>>>>>>>     Aritz Maeztu Otaño
>>>>>>>>     Departamento Desarrollo de Software 	<Mail Attachment.gif>
>>>>>>>>     <https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES>
>>>>>>>>
>>>>>>>>     <Mail Attachment.png> <http://www.tesicnor.com/> 	
>>>>>>>>
>>>>>>>>     Pol. Ind. Mocholi.C/Rio Elorz, Nave 13E31110 Noain (Navarra)
>>>>>>>>     Telf.: 948 21 40 40
>>>>>>>>     Fax.: 948 21 40 41
>>>>>>>>
>>>>>>>>     Antes de imprimir este e-mail piense bien si es necesario
>>>>>>>>     hacerlo: El medioambiente es cosa de todos.
>>>>>>>>
>>>>>>>>
>>>>>>>>     _______________________________________________
>>>>>>>>     keycloak-user mailing list
>>>>>>>>     keycloak-user at lists.jboss.org
>>>>>>>>     <mailto:keycloak-user at lists.jboss.org>
>>>>>>>>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Aritz Maeztu Otaño
>>>>>>> Departamento Desarrollo de Software 	<linkdin.gif> 
>>>>>>> <https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES>
>>>>>>> <logo.png> <http://www.tesicnor.com/> 	
>>>>>>>
>>>>>>> Pol. Ind. Mocholi.C/Rio Elorz, Nave 13E31110 Noain (Navarra)
>>>>>>> Telf.: 948 21 40 40
>>>>>>> Fax.: 948 21 40 41
>>>>>>>
>>>>>>> Antes de imprimir este e-mail piense bien si es necesario 
>>>>>>> hacerlo: El medioambiente es cosa de todos.
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> keycloak-user mailing list
>>>>>>> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------
>>>>> Avast logo 
>>>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> 
>>>>> 	
>>>>>
>>>>> El software de antivirus Avast ha analizado este correo 
>>>>> electrónico en busca de virus.
>>>>> www.avast.com 
>>>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> 
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------
>>> Avast logo 
>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> 
>>> 	
>>>
>>> El software de antivirus Avast ha analizado este correo electrónico 
>>> en busca de virus.
>>> www.avast.com 
>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> 
>>>
>>>
>>>
>>
>
> -- 
> Aritz Maeztu Otaño
> Departamento Desarrollo de Software 
> <https://www.linkedin.com/profile/preview?vpa=pub&locale=es_ES>
> <http://www.tesicnor.com> 	
>
> Pol. Ind. Mocholi. C/Rio Elorz, Nave 13E 31110 Noain (Navarra)
> Telf.: 948 21 40 40
> Fax.: 948 21 40 41
>
> Antes de imprimir este e-mail piense bien si es necesario hacerlo: El 
> medioambiente es cosa de todos.
>

-- 
Aritz Maeztu Otaño
Departamento Desarrollo de Software 
<https://www.linkedin.com/in/aritz-maeztu-ota%C3%B1o-65891942>
<http://www.tesicnor.com> 	

Pol. Ind. Mocholi. C/Rio Elorz, Nave 13E 31110 Noain (Navarra)
Telf. Aritz Maeztu: 948 68 03 06
Telf. Secretaría: 948 21 40 40

Antes de imprimir este e-mail piense bien si es necesario hacerlo: El 
medioambiente es cosa de todos.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160608/b6c57461/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 1295 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20160608/b6c57461/attachment-0002.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 2983 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20160608/b6c57461/attachment-0002.png 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: linkdin.gif
Type: image/gif
Size: 1295 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20160608/b6c57461/attachment-0003.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logo.png
Type: image/png
Size: 2983 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20160608/b6c57461/attachment-0003.png 


More information about the keycloak-user mailing list