[keycloak-user] Wildfly Container Managed Security Constraint Redirect localhost

Ryan Slominski ryans at jlab.org
Thu Aug 9 08:06:08 EDT 2018 

Hi Dmitry,
  Yes, that seems to be it.  I am using Apache reverse proxy to get my Wildfly application on port 8080 accessible over port 443.  My proxy rule was using localhost instead of myserver.example.com and after replacing localhost with actual hostname now it seems to be working.   I say seems to be working because I now get past the localhost redirect issue, but it doesn't seem like the servlet container acknowledges I'm logged in.  I am redirected back to the application with a parameter session_state=<long string of characters and numbers>.  However, the EL expression on the return page: "${pageContext.request.userPrincipal eq null}" is showing true - suggesting that the Wildfly servlet container doesn't know I'm logged in.  Does the Wildfly client adapter not integrate with container managed security?

Thanks,

Ryan
 
----- Original Message -----
From: "Dmitry Telegin" <dt at acutus.pro>
To: "Ryan Slominski" <ryans at jlab.org>, "keycloak-user" <keycloak-user at lists.jboss.org>
Sent: Wednesday, August 8, 2018 7:23:54 PM
Subject: Re: [keycloak-user] Wildfly Container Managed Security Constraint Redirect localhost

Hi Ryan,

Is your Wildfly (not Keycloak) behind a reverse proxy?

Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

On Wed, 2018-08-08 at 16:34 -0400, Ryan Slominski wrote:
> Hi Keycloak Users,
>    I'm attempting to setup a Wildfly application as a client to Keycloak and an issue I'm seeing is that if I navigate my web browser to a protected resource I am redirected to Keycloak as expected, but the return URL (redirect_uri parameter) is to localhost, not back to my actual hostname, say "myserver.example.com".  This breaks the process with the Keycloak error "Invalid parameter: redirect_uri".  How do I configure the Wildfly client adapter to generate a redirect_uri to my actual hostname instead of to localhost?  When I browse my Wildfly application on unprotected pages I'm using the actual hostname already.  In Wildfly standalone.xml I've set inet-address for public to 0.0.0.0 to replace 127.0.0.1.  I've also updated the host element default-host alias to match myserver.example.com to replace "localhost".  Neither of those changes made a difference.
> 
> Thanks,
> 
> Ryan
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_mailman_listinfo_keycloak-2Duser&d=DwIDaQ&c=lz9TcOasaINaaC3U7FbMev2lsutwpI4--09aP8Lu18s&r=EMs2e6afv3D1GQJO76Z9Fg&m=dy3zK_QykozR2oKV0NPiTYV0jPbZPr3oec2q3J-4sv8&s=5Oidky1NOrNuaeKqfLmmti9wN1UU1-XUGq3S605jLmU&e=

More information about the keycloak-user mailing list