Hi,
(using http:// in this post)
I’m configuring a java aplication using de KC adapter (17.0.0) in Spting MVC + tomcat
when using just tomcat and keycloak without a proxy everything works…
theApp: http://localhost:8081/myTomcatContext
KC: http:–localhost:8080
the kc adapter settings are:
{
“realm”: “realm”,
“auth-server-url”: “http://localhost:8080/”,
“ssl-required”: “external”,
“resource”: “app-client”,
“credentials”: {
“secret”: “secret”
},
“confidential-port”: 0
}
If I request a secured resource let say http:–localhost:8081/myApp/test (without proxy)
I can log in to keycloak and once authorized I’m redirected to the resource correctly
Now I’m configuring httpd (apache) as reverse proxy with two Vhosts so
the kc adapter settings are:
{
“realm”: “realm”,
“auth-server-url”: “http:–auth.myhost.local”,
“ssl-required”: “external”,
“resource”: “app-client”,
“credentials”: {
“secret”: “secret”
},
“confidential-port”: 0
}
http:–localhost:8081/myTomcatContext → http:–www.myhost.local
http:–localhost:8080 → http:–auth.myhost.local
first: when redirecting to /sso/login I need to create a rewrite rule since the request is
http:–www.myhost.local/myTomcatContext/sso/login so it is rewritten to http:–www.myhost.local/sso/login
At this point I’mreaching keycloak but… Is there a way to configure the KC adapter (or KC) and not having to add the rewrite condition?
Second: once on keycloak the redirect_uri contains http:–www.myhost.local/myTomcatContext/sso/login (again with the tomcat context) and once authorizedd I’m been redirected to http:–www.myhost.local/myTomcatContext/test.
Is there a way to spefcify the base URL? I’ve tried Base URL (in KC client) to http:–www.myhost.local/ but still the tomcat context is used
Even when requesting a resource once authorized the adapter redirects to http:–www.myhost.local/myTomcatContext/theResource
Do I need to add any special header so KC sees the app as http:–www.myhost.local and not as http:–www.myhost.local/myTomcatContext?
Thanks in advance