[keycloak-user] Can there be multiple keycloak.auth-server-url in keycloak adapter
sagar bijlwan
sagar.bijlwan at gmail.com
Fri Apr 13 08:25:17 EDT 2018
Hi,
I am using nginx as a reverse proxy facing the external world, and my Spring
Boot app and Keycloak are deployed internally.
In the Spring Boot application.properties I am providing the proxy address and
redirecting to the real instance from the proxy.
keycloak.auth-server-url=https://proxyadress/auth
nginx.conf snippet:
location /auth {
    proxy_pass http://internalbox:9000/auth;
    proxy_buffering off;
    client_max_body_size 0;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
Scenario:
When an unauthenticated user tries to access the app, the app redirects to
https://proxyadress/auth. The proxy in turn redirects to the real instance and
the user logs in. The issue is after the login. The Keycloak adapter tries to
turn the access code into an access token and generates a POST. For that it
uses the address given in auth-server-url, i.e. the proxy address. Clearly there
is no Keycloak sitting at the proxy at port 443, and there are errors and the
Auth outcome is FAILED.
How can I tell the keycloak-adapter to use an internal URL for this POST
request? Any other workaround?
Thanks
Sagar
--
S A M