Hello to all,
I have deployed Keycloak on Docker, a Spring Boot application, all behind an nginx reverse proxy outside Docker.
This is the path to protect: url:example.com/oauth/test-idp. The Docker container is run with PROXY_ADDRESS_FORWARDING=true.
When I go to the resource, the login page for access to /idp is shown, but the redirect_uri, instead of “url:https%3A%2F%example.com%2oauth%2Ftest-idp” (“url:example.com/oauth/test-idp”), is “url:https%3A%2F%2Fexample.com2Ftest-idp” (“url:example.com/test-idp”). Any solution?
This is my nginx configuration:
location ~ ^/oauth(.*)$ {
    # $1 is the request path with the /oauth prefix removed
    proxy_pass http://11.11.11.11$1?$query_string;
    proxy_buffering off;
    proxy_redirect off;
    # X-Forwarded-For carries the client address chain, not the host name
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
}
In my Spring Boot application I have these settings:
keycloak.auth-server-url=https://example.com/auth/
keycloak.realm=realm
keycloak.ssl-required=external
keycloak.resource=resource
keycloak.credentials.secret=111111-111111-111111-1111
keycloak.securityConstraints[0].authRoles[0]=role
keycloak.securityConstraints[0].securityCollections[0].name=test
keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/idp
server.use-forward-headers=true
server.tomcat.remote_ip_header=X-FORWARDED-FOR
server.tomcat.protocol_header=X-FORWARDED-PROTO
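
The following is an added example, not part of the original post or of any project's code: a small Python model of the request path through the nginx location above, used to check whether the redirect_uri in a Keycloak login URL still matches the public URL. It assumes the application rebuilds its own URL from X-Forwarded-Proto, the Host header and the path it actually received; the function names and the sample login URL are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, quote, urlsplit

LOCATION = re.compile(r"^/oauth(.*)$")  # location regex from the post; group 1 is $1

def upstream_path(public_path, strip_prefix=True):
    """Path the backend receives: $1 as in the post, or the untouched path."""
    m = LOCATION.match(public_path)
    if m is None:
        raise ValueError(f"{public_path!r} is not handled by this location")
    return (m.group(1) or "/") if strip_prefix else public_path

def rebuilt_url(headers, backend_path):
    # Assumption: scheme from X-Forwarded-Proto, host from Host, path as received.
    scheme = headers.get("X-Forwarded-Proto", "http")
    return f"{scheme}://{headers['Host']}{backend_path}"

def login_url(redirect):
    # Constructed Keycloak authorization URL (realm and client names from the post).
    return ("https://example.com/auth/realms/realm/protocol/openid-connect/auth"
            "?response_type=code&client_id=resource&redirect_uri="
            + quote(redirect, safe=""))

def redirect_matches(public_url, login):
    """True when redirect_uri has the same scheme, host and path as the public URL."""
    redirect = parse_qs(urlsplit(login).query)["redirect_uri"][0]
    want, got = urlsplit(public_url), urlsplit(redirect)
    return (want.scheme, want.netloc, want.path) == (got.scheme, got.netloc, got.path)

HEADERS = {"Host": "example.com", "X-Forwarded-Proto": "https"}  # sent by the nginx block
PUBLIC = "https://example.com/oauth/test-idp"

def simulate(strip_prefix):
    """Return (login URL, whether its redirect_uri matches the public URL)."""
    path = upstream_path(urlsplit(PUBLIC).path, strip_prefix)
    login = login_url(rebuilt_url(HEADERS, path))
    return login, redirect_matches(PUBLIC, login)

if __name__ == "__main__":
    for strip in (True, False):
        login, ok = simulate(strip)
        label = "prefix stripped" if strip else "prefix kept"
        print(label, "->", "OK" if ok else "MISMATCH")
        print("  ", login)
```

In the "prefix kept" case the backend receives /oauth/test-idp, so the application has to be served under that path for the request to resolve.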