[keycloak-user] Help Needed on X509 Certificate Authentication with keycloak behind Nginx reverse proxy
Marek Posolda
mposolda at redhat.com
Tue Jan 9 15:40:42 EST 2018
By coincidence, I've just send PR for the documentation support around
this: https://github.com/keycloak/keycloak-documentation/pull/287
In shortcut, we have builtin support when Keycloak is behind Apache
reverse proxy or HAProxy. We didn't yet tried to test with Keycloak
behind NGinx, but it's possible that one of the providers like "apache"
or "haproxy" will work with nginx too. If it doesn't, you can
investigate the reason and possibly send PR.
Good luck,
Marek
On 09/01/18 20:48, Matt McShea wrote:
> Hello,
>
> I am running into the exact issue described in a previous thread, and was wondering if there have been any updates made in the recent releases that fix this issue.
>
> http://lists.jboss.org/pipermail/keycloak-user/2017-September/011905.html
>
> Like Thomas in that thread, everything works with the ngninx reverse proxy, but when I go through the proxy I'm unable to login.
>
> If I use the following line in my proxy configuration" proxy_set_header X-SSL-CERT $ssl_client_raw_cert", I just get a blank page with no html codes or anything.
>
> If I use $ssl_client_cert instead, I get redirected to the username/password login as if there wasn't a client certificate.
>
> I am currently using 3.1.0, but upgraded to Wildfly 11.
>
> Thanks,
> Matt McShea
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list