[keycloak-user] Invalid parameter: redirect_uri behind reverse proxy
Corentin Dupont
corentin.dupont at gmail.com
Tue Sep 25 12:21:09 EDT 2018
Hello,
wWhen opening the admin console: https://keycloak.mysite.com/auth/admin/.
The page is redirecting to:
https://keycloak.mysite.com/auth/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=https%3A%2F%2Fkeycloak.mysite.com%2Fauth%2Fadmin%2Fmaster%2Fconsole%2F&state=580747dc-8471-40be-8d9c-e63af68cf605&response_mode=fragment&response_type=code&scope=openid&nonce=28c85baa-6c76-44d9-8f4a-796a58d29383
But I get this message:
Invalid parameter: redirect_uri
It seems that keycloak doesn't like the https in the redirect. Can it be?
My Keycloak is behind a reverse proxy.
I setup the following tags in standalone.xml:
<http-listener name="default" socket-binding="http" enable-http2="true"
proxy-address-forwarding="true" redirect-socket="proxy-https"/>
<socket-binding name="proxy-https" port="443"/>
My reverse proxy is also setting headers: Host, X-Real-IP, X-Forwarded-For,
X-Forwarded-Proto.
Using tcpdump, I can see the following headers:
GET
/auth/resources/4.4.0.final/login/keycloak/node_modules/patternfly/dist/fonts/OpenSans-Light-webfont.woff2
HTTP/1.0
Host: keycloak.staging.waziup.io
X-Real-IP: 18.195.197.182
X-Forwarded-For: 217.77.82.229, 18.195.197.182
X-Forwarded-Proto: http
Connection: close
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101
Firefox/62.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer:
https://keycloak.staging.waziup.io/auth/resources/4.4.0.final/login/keycloak/node_modules/patternfly/dist/css/patternfly.css
Cookie: _ga=GA1.2.823033289.1537866165; _gid=GA1.2.861449812.1537866165
Pragma: no-cache
Cache-Control: no-cache
Are they correct?
Thanks a lot
Corentin
More information about the keycloak-user
mailing list