[keycloak-user] Tomcat 8 mod_proxy authentication error
Jim Tyrrell
jimtyrrell at yahoo.com
Fri Aug 25 09:31:38 EDT 2017
Team,
JavaScript via a bearer token in a React app works fine to hit a URL that is configured in Tomcat to be protected: tomcat.server/somepath/somepath/test.jsp
The issue comes in when I try to log in to the same URL that a bearer token works for, and I get in the Tomcat log an error message of:
25-Aug-2017 13:12:03.253 ERROR [ajp-nio-8009-exec-10] org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode status from server: 404
If I am logged into the react app and try to hit the protected URL, I get a browser error of too many redirects when hitting the protected Tomcat URL.
Googling around, it seems like I am practically the first one to see this issue.
Nothing in the server.log of the Keycloak server.
Configs are in Tomcat:
keycloak.json
{
  "realm": "myapp",
  "realm-public-key": "${truncated}",
  "auth-server-url": "https://someurl/auth",
  "ssl-required": "external",
  "resource": "customer-portal",
  "enable-basic-auth": "true",
  "credentials": {
    "secret": "some secret"
  },
  "use-resource-role-mappings": "false"
}
In the server.xml of Keycloak I have, from the docs, made the following changes:
<http-listener name="default" socket-binding="http" proxy-address-forwarding="true" redirect-socket="proxy-https"/>
<https-listener name="default-ssl" socket-binding="https" security-realm="UndertowRealm"/>
<ajp-listener name="ajpListener" socket-binding="ajp"/>
<socket-binding name="proxy-https" port="443"/>
In my ajp.conf for mod_proxy I have this setup:
RequestHeader set X-Forwarded-Proto "https" env=HTTPS
ProxyPass /auth ajp://auth.someurl.com:8009/auth
ProxyPassReverse /auth ajp://auth.someurl.com:8009/auth
I assume something isn't right in this setup, but who knows.
Thank You
Jim