[keycloak-user] Issue Configuring HTTP Reverse Proxy to Keycloak
Colin Ritchie
colin.ritchie at tasktop.com
Wed Nov 9 14:58:35 EST 2016
Hello,
I am having trouble getting keycloak to work behind a reverse proxy.
I have installed Keycloak on the same server as our existing web
application running in Tomcat, with keycloak listening on 8081 and Tomcat
listening on 8080. I have configured an HTTP reverse proxy in Tomcat
using https://github.com/mitre/HTTP-Proxy-Servlet. I am forwarding /auth
to the reverse proxy, which in turns connects to keycloak (
http://localhost:8081/auth).
When I visit "http://localhost:8080/auth", the first page in this scenario
works: the "Welcome to Keycloak" page appears. But when I click on the
"Administration Console" link, the first redirect works, to
"/auth/admin/master/console". But it then quickly redirects the browser
directly to the keycloak port:
http://localhost:*8081*/auth/realms/master/protocol/openid-
connect/auth?client_id=security-admin-console&redirect_uri=http%3A%2F%
2Flocalhost%3A8080%2Fauth%2Fadmin%2Fmaster%2Fconsole%2F&
state=a36dd30e-6268-4545-9a4f-a397169917b6&nonce=79d7099d-
10df-471f-96e9-b13a8da17b55&response_mode=fragment&response_type=code&scope=
openid
The reverse proxy sets the X-Forwarded-For and X-Forwarded-Proto headers.
And I have configured keycloak according to https://keycloak.gitbooks.
io/server-installation-and-configuration/content/topics/
clustering/load-balancer.html, setting the proxy-address-forwarding
attribute.
I am also seeing, on the final redirected page, the error "Invalid
parameter: redirect_uri".
Any help would be very appreciated.
--
*Colin Ritchie **|* *Engineering Manager* *|* *Tasktop Technologies*
More information about the keycloak-user
mailing list