I changed the proxy server settings as shown below, but it is still not working.
Should I uncomment the ssl part?
[Apache Proxy]
# Other Proxy
<Location /abc>
ProxyPass https://OTHER.com/abc/
ProxyPassReverse https://OTHER.com/abc/
</Location>
# SSO Proxy
<Location /realms>
# Includes -Host, -Server, -For
ProxyPreserveHost On
#RequestHeader set x-ssl-client-cert "%{SSL_CLIENT_CERT}s"
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
ProxyPass https://KEYCLOAK.com/realms
ProxyPassReverse https://KEYCLOAK.com/realms
</Location>
<Location /resources>
# Includes -Host, -Server, -For
ProxyPreserveHost On
#RequestHeader set x-ssl-client-cert "%{SSL_CLIENT_CERT}s"
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
ProxyPass https://KEYCLOAK.com/resources
ProxyPassReverse https://KEYCLOAK.com/resources
</Location>
Reading the log, I found out that the first time it uses #PROXY_DOMAIN
but then uses #KEYCLOAK_DOMAIN after the username-password-form.
Would this be the one causing the problem?
How can I make it keep using the #PROXY_DOMAIN?
[Keycloak Log] Azure AD > Keycloak
2022-07-12 10:01:52,412 DEBUG [io.netty.handler.ssl.SslHandler] (vert.x-eventloop-thread-1) [id: 0xebaf0c22, L:/#KEYCLOAK_IP:443 - R:/#PROXY_IP:53064] HANDSHAKEN: protocol:TLSv1.3 cipher suite:TLS_AES_256_GCM_SHA384
2022-07-12 10:01:52,413 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-0) new JtaTransactionWrapper
2022-07-12 10:01:52,413 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-0) was existing? false
2022-07-12 10:01:52,414 DEBUG [io.quarkus.vertx.http.runtime.ForwardedParser] (executor-thread-0) Recalculated absoluteURI to https://#PROXY_DOMAIN/realms/#KEYCLOAK_REALM/protocol/saml
2022-07-12 10:01:52,415 DEBUG [org.keycloak.protocol.saml.SamlService] (executor-thread-0) SAML POST
2022-07-12 10:01:52,415 DEBUG [org.keycloak.saml.SAMLRequestParser] (executor-thread-0) SAML POST Binding
2022-07-12 10:01:52,415 DEBUG [org.keycloak.saml.SAMLRequestParser] (executor-thread-0) <samlp:AuthnRequest ID=“_7860aeee-64da-4fba-9e4c-2f9e3fa9faf9” Version=“2.0” IssueInstant=“2022-07-12T01:01:52.140Z” xmlns:samlp=“urn:oasis:names:tc:SAML:2.0:protocol”>urn:federation:MicrosoftOnline<samlp:NameIDPolicy Format=“urn:oasis:names:tc:SAML:2.0:nameid-format:persistent”/></samlp:AuthnRequest>
2022-07-12 10:01:52,416 DEBUG [org.keycloak.protocol.saml.SamlService] (executor-thread-0) ** login request
2022-07-12 10:01:52,416 DEBUG [org.keycloak.protocol.saml.SamlService] (executor-thread-0) verified request
2022-07-12 10:01:52,416 DEBUG [org.keycloak.services.util.CookieHelper] (executor-thread-0) Could not find any cookies with name {0}, trying {1}
2022-07-12 10:01:52,416 DEBUG [org.keycloak.services.managers.AuthenticationSessionManager] (executor-thread-0) Not found AUTH_SESSION_ID cookie
2022-07-12 10:01:52,416 DEBUG [org.keycloak.services.util.CookieHelper] (executor-thread-0) Could not find any cookies with name {0}, trying {1}
2022-07-12 10:01:52,416 DEBUG [org.keycloak.services.managers.AuthenticationSessionManager] (executor-thread-0) Not found AUTH_SESSION_ID cookie
2022-07-12 10:01:52,416 DEBUG [org.keycloak.services.managers.AuthenticationSessionManager] (executor-thread-0) Set AUTH_SESSION_ID cookie with value 4da155db-bf9b-432b-9d45-bd9a545dfcbd.aessowwd01-43592
2022-07-12 10:01:52,417 DEBUG [org.keycloak.protocol.AuthorizationEndpointBase] (executor-thread-0) Sent request to authz endpoint. Created new root authentication session with ID ‘4da155db-bf9b-432b-9d45-bd9a545dfcbd’ . Client: urn:federation:MicrosoftOnline . New authentication session tab ID: bSwwpu8R6qQ
2022-07-12 10:01:52,417 DEBUG [org.keycloak.authentication.AuthenticationProcessor] (executor-thread-0) Redirecting to URL: https://#KEYCLOAK_DOMAIN/realms/#KEYCLOAK_REALM/login-actions/authenticate?client_id=urn%3Afederation%3AMicrosoftOnline&tab_id=bSwwpu8R6qQ
2022-07-12 10:01:52,417 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-0) JtaTransactionWrapper commit
2022-07-12 10:01:52,417 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-0) JtaTransactionWrapper end
2022-07-12 10:01:52,480 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-0) new JtaTransactionWrapper
2022-07-12 10:01:52,480 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-0) was existing? false
2022-07-12 10:01:52,481 DEBUG [io.quarkus.vertx.http.runtime.ForwardedParser] (executor-thread-0) Recalculated absoluteURI to https://#PROXY_DOMAIN/realms/#KEYCLOAK_REALM/login-actions/authenticate?client_id=urn%3Afederation%3AMicrosoftOnline&tab_id=bSwwpu8R6qQ
2022-07-12 10:01:52,482 DEBUG [org.keycloak.services.resources.SessionCodeChecks] (executor-thread-0) Will use client ‘urn:federation:MicrosoftOnline’ in back-to-application link
2022-07-12 10:01:52,482 DEBUG [org.keycloak.services.util.CookieHelper] (executor-thread-0) AUTH_SESSION_ID cookie found in the request header
2022-07-12 10:01:52,482 DEBUG [org.keycloak.services.util.CookieHelper] (executor-thread-0) AUTH_SESSION_ID cookie found in the cookie field
2022-07-12 10:01:52,482 DEBUG [org.keycloak.services.managers.AuthenticationSessionManager] (executor-thread-0) Found AUTH_SESSION_ID cookie with value 4da155db-bf9b-432b-9d45-bd9a545dfcbd.aessowwd01-43592
2022-07-12 10:01:52,482 DEBUG [org.keycloak.authentication.AuthenticationProcessor] (executor-thread-0) AUTHENTICATE
2022-07-12 10:01:52,482 DEBUG [org.keycloak.authentication.AuthenticationProcessor] (executor-thread-0) AUTHENTICATE ONLY
2022-07-12 10:01:52,482 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (executor-thread-0) processFlow: Client1 Form - Pass MFA
2022-07-12 10:01:52,482 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (executor-thread-0) check execution: ‘Client1 Form - Pass MFA Client1 Form 1st Auth flow’, requirement: ‘REQUIRED’
2022-07-12 10:01:52,482 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (executor-thread-0) processFlow: Client1 Form - Pass MFA Client1 Form 1st Auth
2022-07-12 10:01:52,482 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (executor-thread-0) check execution: ‘auth-username-password-form’, requirement: ‘REQUIRED’
2022-07-12 10:01:52,482 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (executor-thread-0) authenticator: auth-username-password-form
2022-07-12 10:01:52,482 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (executor-thread-0) Going through the flow ‘Client1 Form - Pass MFA’ for adding executions
2022-07-12 10:01:52,482 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (executor-thread-0) Going through the flow ‘Client1 Form - Pass MFA Client1 Form 1st Auth’ for adding executions
2022-07-12 10:01:52,482 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (executor-thread-0) Selections when trying execution ‘auth-username-password-form’ : [ authSelection - auth-username-password-form]
2022-07-12 10:01:52,482 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (executor-thread-0) invoke authenticator.authenticate: auth-username-password-form
2022-07-12 10:01:52,482 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-0) new JtaTransactionWrapper
2022-07-12 10:01:52,482 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-0) was existing? true
2022-07-12 10:01:52,483 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-0) JtaTransactionWrapper commit
2022-07-12 10:01:52,483 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-0) JtaTransactionWrapper end
2022-07-12 10:01:52,483 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-0) JtaTransactionWrapper resuming suspended
2022-07-12 10:01:52,483 DEBUG [freemarker.cache] (executor-thread-0) Couldn’t find template in cache for “template.ftl”(“en_US”, UTF-8, parsed); will try to load it.
2022-07-12 10:01:52,484 DEBUG [freemarker.cache] (executor-thread-0) TemplateLoader.findTemplateSource(“template_en_US.ftl”): Not found
2022-07-12 10:01:52,484 DEBUG [freemarker.cache] (executor-thread-0) TemplateLoader.findTemplateSource(“template_en.ftl”): Not found
2022-07-12 10:01:52,484 DEBUG [freemarker.cache] (executor-thread-0) TemplateLoader.findTemplateSource(“template.ftl”): Found
2022-07-12 10:01:52,484 DEBUG [freemarker.cache] (executor-thread-0) Loading template for “template.ftl”(“en_US”, UTF-8, parsed) from “jar:file:#PATH/keycloak-18.0.1/lib/lib/main/org.keycloak.keycloak-themes-18.0.1.jar!/theme/base/login/template.ftl”
2022-07-12 10:01:52,491 DEBUG [freemarker.beans] (executor-thread-0) Key “selectedCredential” was not found on instance of org.keycloak.forms.login.freemarker.model.AuthenticationContextBean. Introspection information for the class is: {getClass=public final native java.lang.Class java.lang.Object.getClass(), getAuthenticationSelections=public java.util.List org.keycloak.forms.login.freemarker.model.AuthenticationContextBean.getAuthenticationSelections(), showResetCredentials=public boolean org.keycloak.forms.login.freemarker.model.AuthenticationContextBean.showResetCredentials(), authenticationSelections=freemarker.ext.beans.FastPropertyDescriptor@6692a223, java.lang.Object@2c5a9c68={public java.lang.String java.lang.Object.toString()=[Ljava.lang.Class;@ 49eb74, public java.lang.String org.keycloak.forms.login.freemarker.model.AuthenticationContextBean.getAttemptedUsername()=[Ljava.lang.Class;@ 69a749cb, public boolean org.keycloak.forms.login.freemarker.model.AuthenticationContextBean.showTryAnotherWayLink()=[Ljava.lang.Class;@ 709dd98d, public boolean org.keycloak.forms.login.freemarker.model.AuthenticationContextBean.showResetCredentials()=[Ljava.lang.Class;@ 36dfe07, public java.util.List org.keycloak.forms.login.freemarker.model.AuthenticationContextBean.getAuthenticationSelections()=[Ljava.lang.Class;@ 4cb0b755, public final native java.lang.Class java.lang.Object.getClass()=[Ljava.lang.Class;@ 1f8a4619, public native int java.lang.Object.hashCode()=[Ljava.lang.Class;@ 1c5b5d4, public boolean org.keycloak.forms.login.freemarker.model.AuthenticationContextBean.showUsername()=[Ljava.lang.Class;@ 6db4fe2d, public boolean java.lang.Object.equals(java.lang.Object)=[Ljava.lang.Class;@ 2477e6d1}, showUsername=public boolean org.keycloak.forms.login.freemarker.model.AuthenticationContextBean.showUsername(), hashCode=public native int java.lang.Object.hashCode(), equals=public boolean java.lang.Object.equals(java.lang.Object), toString=public java.lang.String 
java.lang.Object.toString(), showTryAnotherWayLink=public boolean org.keycloak.forms.login.freemarker.model.AuthenticationContextBean.showTryAnotherWayLink(), attemptedUsername=freemarker.ext.beans.FastPropertyDescriptor@6900c6c8, class=freemarker.ext.beans.FastPropertyDescriptor@45c7b529, getAttemptedUsername=public java.lang.String org.keycloak.forms.login.freemarker.model.AuthenticationContextBean.getAttemptedUsername(), java.lang.Object@70787a27=freemarker.ext.beans.SimpleMethod@f487e2a}
2022-07-12 10:01:52,491 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-0) JtaTransactionWrapper commit
2022-07-12 10:01:52,491 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-0) JtaTransactionWrapper end
2022-07-12 10:01:52,539 DEBUG [io.netty.handler.ssl.SslHandler] (vert.x-eventloop-thread-3) [id: 0x55a478f6, L:/#KEYCLOAK_IP:443 - R:/#PROXY_IP:53066] HANDSHAKEN: protocol:TLSv1.3 cipher suite:TLS_AES_256_GCM_SHA384
2022-07-12 10:01:52,540 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-0) new JtaTransactionWrapper
2022-07-12 10:01:52,540 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-0) was existing? false
2022-07-12 10:01:52,540 DEBUG [io.quarkus.vertx.http.runtime.ForwardedParser] (executor-thread-0) Recalculated absoluteURI to https://#PROXY_DOMAIN/resources/gqsk6/common/keycloak/web_modules/@ patternfly/react-core/dist/styles/base.css
2022-07-12 10:01:52,541 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-0) JtaTransactionWrapper commit
2022-07-12 10:01:52,541 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-0) JtaTransactionWrapper end
…(ALL /resources stuff)
[Keycloak Log] After 1st Auth (username-password-form)
2022-07-12 10:02:11,147 DEBUG [io.netty.handler.ssl.SslHandler] (vert.x-eventloop-thread-5) [id: 0x893c20f6, L:/#KEYCLOAK_IP:443 - R:/#CLIENT_IP:50536] HANDSHAKEN: protocol:TLSv1.2 cipher suite:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
2022-07-12 10:02:11,160 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-5) new JtaTransactionWrapper
2022-07-12 10:02:11,160 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-5) was existing? false
2022-07-12 10:02:11,160 DEBUG [io.quarkus.vertx.http.runtime.ForwardedParser] (executor-thread-5) Recalculated absoluteURI to https://#KEYCLOAK_DOMAIN/realms/#KEYCLOAK_REALM/login-actions/authenticate?session_code=nLX8PxN_oib96Fd0bU8DrW4ZGoTQaWleWG1H3-Uic38&execution=c15613fd-7070-448f-b8c5-f7adc75b6d4a&client_id=urn%3Afederation%3AMicrosoftOnline&tab_id=bSwwpu8R6qQ
2022-07-12 10:02:11,161 DEBUG [org.keycloak.services.resources.SessionCodeChecks] (executor-thread-5) Will use client ‘urn:federation:MicrosoftOnline’ in back-to-application link
2022-07-12 10:02:11,162 DEBUG [org.keycloak.services.util.CookieHelper] (executor-thread-5) Could not find any cookies with name {0}, trying {1}
2022-07-12 10:02:11,162 DEBUG [org.keycloak.services.managers.AuthenticationSessionManager] (executor-thread-5) Not found AUTH_SESSION_ID cookie
2022-07-12 10:02:11,162 DEBUG [org.keycloak.services.util.CookieHelper] (executor-thread-5) Could not find any cookies with name {0}, trying {1}
2022-07-12 10:02:11,162 DEBUG [org.keycloak.services.managers.AuthenticationSessionManager] (executor-thread-5) Not found AUTH_SESSION_ID cookie
2022-07-12 10:02:11,162 DEBUG [org.keycloak.services.util.CookieHelper] (executor-thread-5) Could not find any cookies with name {0}, trying {1}
2022-07-12 10:02:11,162 DEBUG [org.keycloak.services.managers.AuthenticationSessionManager] (executor-thread-5) Not found AUTH_SESSION_ID cookie
2022-07-12 10:02:11,162 DEBUG [org.keycloak.services.resources.SessionCodeChecks] (executor-thread-5) Authentication session not found. Trying to restart from cookie.
2022-07-12 10:02:11,162 DEBUG [org.keycloak.protocol.RestartLoginCookie] (executor-thread-5) KC_RESTART cookie doesn’t exist
2022-07-12 10:02:11,163 DEBUG [freemarker.cache] (executor-thread-5) Couldn’t find template in cache for “template.ftl”(“en_US”, UTF-8, parsed); will try to load it.
2022-07-12 10:02:11,163 DEBUG [freemarker.cache] (executor-thread-5) TemplateLoader.findTemplateSource(“template_en_US.ftl”): Not found
2022-07-12 10:02:11,163 DEBUG [freemarker.cache] (executor-thread-5) TemplateLoader.findTemplateSource(“template_en.ftl”): Not found
2022-07-12 10:02:11,163 DEBUG [freemarker.cache] (executor-thread-5) TemplateLoader.findTemplateSource(“template.ftl”): Found
2022-07-12 10:02:11,163 DEBUG [freemarker.cache] (executor-thread-5) Loading template for “template.ftl”(“en_US”, UTF-8, parsed) from “jar:file:#PATH/keycloak-18.0.1/lib/lib/main/org.keycloak.keycloak-themes-18.0.1.jar!/theme/base/login/template.ftl”
2022-07-12 10:02:11,168 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-5) JtaTransactionWrapper commit
2022-07-12 10:02:11,168 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-5) JtaTransactionWrapper end
2022-07-12 10:02:11,168 WARN [org.keycloak.events] (executor-thread-5) type=LOGIN_ERROR, realmId=#KEYCLOAK_REALM, clientId=null, userId=null, ipAddress=#CLIENT_IP, error=cookie_not_found
2022-07-12 10:02:11,197 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-5) new JtaTransactionWrapper
2022-07-12 10:02:11,197 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-5) was existing? false
2022-07-12 10:02:11,197 DEBUG [io.quarkus.vertx.http.runtime.ForwardedParser] (executor-thread-5) Recalculated absoluteURI to https://#KEYCLOAK_DOMAIN/resources/gqsk6/common/keycloak/node_modules/patternfly/dist/css/patternfly-additions.min.css
2022-07-12 10:02:11,198 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-5) JtaTransactionWrapper commit
2022-07-12 10:02:11,198 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-5) JtaTransactionWrapper end
2022-07-12 10:02:11,197 DEBUG [io.quarkus.resteasy] (vert.x-eventloop-thread-5) IO Exception : io.vertx.core.http.StreamResetException: Stream reset: 8
2022-07-12 10:02:11,199 DEBUG [io.quarkus.resteasy] (vert.x-eventloop-thread-5) IO Exception : io.vertx.core.VertxException: Connection was closed
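
The host switch described in the post can be checked mechanically. The following is an added example, not part of the original post and not Keycloak code: it walks log lines in the format shown above, takes each request's host from the `ForwardedParser` lines, and reports `cookie_not_found` events that arrive on a host which never received `AUTH_SESSION_ID` (a browser only returns a cookie to the host that set it). The function name `find_host_drift` and the shortened sample lines are constructed for illustration; it assumes all lines of one request share an executor thread, as in the excerpts.

```python
import re

# Constructed sample, shortened from the log excerpts above (placeholders kept).
SAMPLE_LOG = """\
2022-07-12 10:01:52,414 DEBUG [io.quarkus.vertx.http.runtime.ForwardedParser] (executor-thread-0) Recalculated absoluteURI to https://#PROXY_DOMAIN/realms/#KEYCLOAK_REALM/protocol/saml
2022-07-12 10:01:52,416 DEBUG [org.keycloak.services.managers.AuthenticationSessionManager] (executor-thread-0) Set AUTH_SESSION_ID cookie with value 00000000-sample.node-1
2022-07-12 10:01:52,481 DEBUG [io.quarkus.vertx.http.runtime.ForwardedParser] (executor-thread-0) Recalculated absoluteURI to https://#PROXY_DOMAIN/realms/#KEYCLOAK_REALM/login-actions/authenticate?tab_id=x
2022-07-12 10:01:52,482 DEBUG [org.keycloak.services.managers.AuthenticationSessionManager] (executor-thread-0) Found AUTH_SESSION_ID cookie with value 00000000-sample.node-1
2022-07-12 10:02:11,160 DEBUG [io.quarkus.vertx.http.runtime.ForwardedParser] (executor-thread-5) Recalculated absoluteURI to https://#KEYCLOAK_DOMAIN/realms/#KEYCLOAK_REALM/login-actions/authenticate?session_code=y
2022-07-12 10:02:11,168 WARN [org.keycloak.events] (executor-thread-5) type=LOGIN_ERROR, realmId=#KEYCLOAK_REALM, clientId=null, userId=null, ipAddress=#CLIENT_IP, error=cookie_not_found
"""

# timestamp, level, [logger], (thread), message
LINE = re.compile(r"^(\S+ \S+) +(\w+) +\[([^\]]+)\] \(([^)]+)\) (.*)$")
URI = re.compile(r"Recalculated absoluteURI to https?://([^/\s]+)(/[^\s?]*)")

def find_host_drift(log_text):
    """Return one finding per cookie_not_found event whose request host
    differs from every host on which AUTH_SESSION_ID was set."""
    host_by_thread = {}   # executor thread -> (host, path) of its current request
    cookie_hosts = set()  # hosts on which the browser was handed the cookie
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation lines of multi-line messages
        ts, _level, _logger, thread, msg = m.groups()
        u = URI.search(msg)
        if u:
            host_by_thread[thread] = u.groups()
        elif msg.startswith("Set AUTH_SESSION_ID cookie"):
            if thread in host_by_thread:
                cookie_hosts.add(host_by_thread[thread][0])
        elif "error=cookie_not_found" in msg:
            host, path = host_by_thread.get(thread, ("?", "?"))
            if host not in cookie_hosts:
                findings.append({"time": ts, "host": host, "path": path,
                                 "cookie_hosts": sorted(cookie_hosts)})
    return findings

if __name__ == "__main__":
    for f in find_host_drift(SAMPLE_LOG):
        print(f"{f['time']} cookie_not_found on {f['host']}{f['path']}; "
              f"cookie was set on {f['cookie_hosts']}")
```
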