[keycloak-user] How to configure Keycloak in case of Reverse Proxy with NAT?
Michael Furman
michael_furman at hotmail.com
Sun Nov 27 23:34:20 EST 2016
Hi all,
I need to configure Keycloak to work behind Reverse Proxy with Network Address Translation
I have servers that have the external IP to access from a browser and internal IP for inter process access.
Also, it is not possible to access from internal IPs to external IPs.
Therefore, the following configuration should be returned upon the call of http://<external IP>/auth/realms/master/.well-known/openid-configuration<http://%3cexternal%20IP%3e/auth/realms/master/.well-known/openid-configuration>:
"issuer":"http://<external IP>/auth/realms/master<http://%3cexternal%20IP%3e/auth/realms/master>",
"authorization_endpoint":"http://<external IP>/auth/realms/master/protocol/openid-connect/auth<http://%3cexternal%20IP%3e/auth/realms/master/protocol/openid-connect/auth>",
"token_endpoint":"http://<internal IP>/auth/realms/master/protocol/openid-connect/token<http://%3cinternal%20IP%3e/auth/realms/master/protocol/openid-connect/token>",
"userinfo_endpoint":"http://<internal IP>/auth/realms/master/protocol/openid-connect/userinfo<http://%3cinternal%20IP%3e/auth/realms/master/protocol/openid-connect/userinfo>",
"jwks_uri":"http://<internal IP>/auth/realms/master/protocol/openid-connect/certs<http://%3cinternal%20IP%3e/auth/realms/master/protocol/openid-connect/certs>",
"end_session_endpoint":"http://<external IP>/auth/realms/master/protocol/openid-connect/logout<http://%3cexternal%20IP%3e/auth/realms/master/protocol/openid-connect/logout>",
"check_session_iframe":"http://<external IP>/auth/realms/master/protocol/openid-connect/login-status-iframe.html<http://%3cexternal%20IP%3e/auth/realms/master/protocol/openid-connect/login-status-iframe.html>",
"token_introspection_endpoint":"http://<internal IP>/auth/realms/master/protocol/openid-connect/token/introspect<http://%3cinternal%20IP%3e/auth/realms/master/protocol/openid-connect/token/introspect>",
Will happy for any insights.
Michael
More information about the keycloak-user
mailing list