[keycloak-user] Keycloak behind an IIS proxy
Kevin Cuijpers
Kevin.Cuijpers at mips.be
Fri Dec 22 11:50:10 EST 2017
Hello,
I am trying to make KeyCloak work behind an IIS proxy.
Here is what I want to do:
KeyCloak is installed and available remotely on:
https://www.server.com/auth/
On IIS I created an "Application Request Routing Cache" that I already use for another application.
I created an "URL Rewrite" with inbound rule that takes pattern auth/(.*) and rewrites it to rewrite url: http://127.0.0.1:8080/auth/{R:1}
Now my problem is that this rewrite url is used by the keycloak server when a user tries to log in.
If my application redirects the user to log in, the url is https://www.server.com/auth/realms/myrealm/protocol/openid-connect/auth?response_type=code&client_id=...
but behind the Login button, the action is http://127.0.0.1:8080/auth/realms/myrealm/login-actions/aut...
which of course doesn't work because it needs to be https://www.server.com instead of http://127.0.0.1:8080
I have tried about everything in http://www.keycloak.org/docs/latest/server_installation/index.html#identifying-client-ip-addresses but without success.
If I use proxy-address-forwarding="true" I get
We're sorry ...
HTTPS required
Can somebody please clarify how I can configure keycloak to use https://www.server.com instead of http://127.0.0.1:8080 ?
Best regards,
Kevin
More information about the keycloak-user
mailing list