[keycloak-user] Keycloak behind an IIS proxy
Виталий Ищенко
betalb at gmail.com
Fri Dec 22 19:49:31 EST 2017
Not only proto, but looks like X-Forwarded-Host is also missing
пт, 22 дек. 2017 г. в 21:08, Domenico Briganti <dometec at gmail.com>:
> Hi Kevin,
> you should let Keycloak know that you are using https. With Apache
> httpd you need to add this parameter:
>
> RequestHeader set X-Forwarded-Proto "https"
>
> For sure IIS has something like this.
>
> Regards,
> Domenico Briganti
>
>
> Il giorno ven, 22/12/2017 alle 16.50 +0000, Kevin Cuijpers ha scritto:
> > Hello,
> >
> > I am trying to make KeyCloak work behind an IIS proxy.
> > Here is what I want to do:
> > KeyCloak is installed and available remotely on:
> > https://www.server.com/auth/
> > On IIS I created an "Application Request Routing Cache" that I
> > already use for another application.
> > I created an "URL Rewrite" with inbound rule that takes pattern
> > auth/(.*) and rewrites it to rewrite url: http://127.0.0.1:8080/auth/
> > {R:1}
> >
> > Now my problem is that this rewrite url is used by the keycloak
> > server when a user tries to log in.
> > If my application redirects the user to log in, the url is https://ww
> > w.server.com/auth/realms/myrealm/protocol/openid-
> > connect/auth?response_type=code&client_id=...
> > but behind the Login button, the action is http://127.0.0.1:8080/auth
> > /realms/myrealm/login-actions/aut...
> > which of course doesn't work because it needs to be https://www.serve
> > r.com instead of http://127.0.0.1:8080
> >
> > I have tried about everything in http://www.keycloak.org/docs/latest/
> > server_installation/index.html#identifying-client-ip-addresses but
> > without success.
> > If I use proxy-address-forwarding="true" I get
> > We're sorry ...
> >
> > HTTPS required
> >
> > Can somebody please clarify how I can configure keycloak to use https
> > ://www.server.com instead of http://127.0.0.1:8080 ?
> >
> > Best regards,
> >
> > Kevin
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list