Keycloak(a.com) on JDK behind Apache Proxy(b.com)

Hi,

Keycloak server (a.com) is in the inside (company) DNS,
and the proxy server is in both inside and outside DNS.

Proxy server is set to redirect depending on the path after the domain:

The other proxies work fine; it correctly redirects to the servers behind.
But for Keycloak, it shows “We are sorry Page Not Found” w/o any css (white background w/ black letters)

Keycloak Log [a.com]
2022-07-04 18:49:07,522 DEBUG [io.quarkus.vertx.http.runtime.ForwardedParser] (executor-thread-1) Recalculated absoluteURI to https://a.com/realms/TEST/protocol/saml/descriptor
2022-07-04 18:49:07,525 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-1) JtaTransactionWrapper commit
2022-07-04 18:49:07,525 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (executor-thread-1) JtaTransactionWrapper end
2022-07-04 18:49:09,507 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-0) new JtaTransactionWrapper
2022-07-04 18:49:09,507 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-0) was existing? false
2022-07-04 18:49:09,507 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-0) JtaTransactionWrapper commit

Keycloak Log [b.com > a.com]
2022-07-04 18:49:35,072 DEBUG [io.quarkus.vertx.http.runtime.ForwardedParser] (executor-thread-1) Recalculated absoluteURI to https://b.com/realms//TEST/protocol/saml/descriptor
2022-07-04 18:49:35,072 DEBUG [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-1) Error response 404: javax.ws.rs.NotFoundException: RESTEASY003210: Could not find resource for full path: https://b.com/realms//TEST/protocol/saml/descriptor
at org.jboss.resteasy.core.registry.SegmentNode.match(SegmentNode.java:152)
at org.jboss.resteasy.core.registry.RootNode.match(RootNode.java:74)
at org.jboss.resteasy.core.registry.RootClassNode.match(RootClassNode.java:47)
at org.jboss.resteasy.core.ResourceMethodRegistry.getResourceInvoker(ResourceMethodRegistry.java:480)
at org.jboss.resteasy.core.SynchronousDispatcher.getInvoker(SynchronousDispatcher.java:332)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:253)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247)
at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:151)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:82)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:42)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:67)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:55)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$5.handle(VertxHttpRecorder.java:380)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$5.handle(VertxHttpRecorder.java:358)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1212)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:163)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141)
at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$1(QuarkusRequestFilter.java:71)
at io.vertx.core.impl.ContextImpl.lambda$null$0(ContextImpl.java:159)
at io.vertx.core.impl.AbstractContext.dispatch(AbstractContext.java:100)
at io.vertx.core.impl.ContextImpl.lambda$executeBlocking$1(ContextImpl.java:157)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$13.runWith(VertxCoreRecorder.java:543)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:829)

keycloak.conf
https-certificate-file=/…/cert.pem
https-certificate-key-file=/…/key.pem
# tried "reencrypt" and "edge" too but nothing worked
proxy=passthrough
proxy_address_forwarding=true
hostname=a.com
http-port=80
https-port=443
https-protocols=TLSv1.3,TLSv1.2
http-enabled=true
hostname-strict=false
hostname-strict-https=false

/etc/hosts
127.0.0.1 a.com
::1 a.com

What else can I try?

Keycloak is getting an extra / from your proxy

It doesn’t ignore it, it’s a bit stricter.

Oh my gosh thank you so much for pointing it out!!!
I never realized it!
Thank you!!!
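A way to spot this condition in the Keycloak debug log, as an added example that is not part of the original thread: it scans the `ForwardedParser` and `RESTEASY003210` lines quoted above for URIs whose path contains an empty segment (`//`). The proxy configuration is not shown in the thread, so `proxypass_rewrite` and the prefixes used with it are assumptions: a simplified model of prefix mapping in which a trailing-slash mismatch between the matched path and the backend URL produces the doubled slash.

```python
import re
from urllib.parse import urlsplit

# Log excerpts copied from the thread above (only the lines that carry a URI).
SAMPLE_LOG = """\
2022-07-04 18:49:07,522 DEBUG [io.quarkus.vertx.http.runtime.ForwardedParser] (executor-thread-1) Recalculated absoluteURI to https://a.com/realms/TEST/protocol/saml/descriptor
2022-07-04 18:49:35,072 DEBUG [io.quarkus.vertx.http.runtime.ForwardedParser] (executor-thread-1) Recalculated absoluteURI to https://b.com/realms//TEST/protocol/saml/descriptor
2022-07-04 18:49:35,072 DEBUG [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-1) Error response 404: javax.ws.rs.NotFoundException: RESTEASY003210: Could not find resource for full path: https://b.com/realms//TEST/protocol/saml/descriptor
"""

# Matches the two log messages in the thread that print the request URI.
URI_RE = re.compile(r"(?:Recalculated absoluteURI to|for full path:) (https?://\S+)")


def empty_segment_uris(log_text):
    """Return (host, path) for every logged URI whose path has an empty segment."""
    hits = []
    for line in log_text.splitlines():
        match = URI_RE.search(line)
        if not match:
            continue
        parts = urlsplit(match.group(1))
        if "//" in parts.path:  # e.g. /realms//TEST -> empty segment after "realms"
            hits.append((parts.netloc, parts.path))
    return hits


def proxypass_rewrite(prefix, backend, request_path):
    """Hypothetical, simplified prefix mapping: the matched prefix is replaced
    by the backend URL and the rest of the request path is appended as-is."""
    if not request_path.startswith(prefix):
        return None
    return backend + request_path[len(prefix):]


if __name__ == "__main__":
    for host, path in empty_segment_uris(SAMPLE_LOG):
        print(f"empty path segment via {host}: {path}")
    req = "/realms/TEST/protocol/saml/descriptor"
    # Assumed prefixes: mismatched trailing slash first, matched second.
    print(proxypass_rewrite("/realms", "https://a.com/realms/", req))
    print(proxypass_rewrite("/realms/", "https://a.com/realms/", req))
```
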