Keycloak and spring security adapter: Company's proxy - spring-security

I developed SSO login with Keycloak and the Spring Security adapter and it all works fine.
But now I need to authenticate all the requests to the Keycloak server, which sits outside my LAN, to my company's proxy.
I didn't find anything about this.
Could you please give some suggestions?
Thanks
P.S. I am using Keycloak version 1.7.0-Final

Related

How to properly setup Keycloak redirects behind reverse proxy with SpringSecurity

I have a Spring-based application, which uses keycloak-spring-security-adapter to handle the Keycloak-specific stuff. This server is deployed on the same machine as the Keycloak server, and both of them are running behind an Nginx reverse proxy.
The Spring app has the correct proxy-url in its keycloak.json configuration. The Keycloak server has the frontendUrl set to the correct proxy-url. When testing on localhost without the reverse proxy, everything works as expected.
The issue is when deployed with the reverse proxy in front. The Spring application runs the OIDC service discovery during startup. But to do this, it uses the public URL. This fails because, on the backend side, the reverse proxy is not in the DNS record.
How do I set up the keycloak-spring-security-adapter in such a way that it uses the local URL for the backend requests, but uses the proxied URL for the logins that are done through the JSP pages in the browser?

RabbitMQ Management web page cannot show login button using latest cloudfoundry UAA

I am trying to use OAuth authentication in RabbitMQ via Cloud Foundry UAA.
Following this tutorial, it works without any problem.
I checked that the RabbitMQ management login succeeds and that the RabbitMQ management API can also be called successfully.
But the Cloud Foundry UAA image in the RabbitMQ UAA demo was created 2 years ago, so the UAA image has the log4j vulnerability (CVE-2021-44228).
So I'm trying to change the UAA image to 75.16.0.
And I faced a critical problem:
in the RabbitMQ Management web page, the login button does not show.
The web browser's console log showed X-Frame-Options DENY (192.168.137.237:8080 is the UAA server's IP address).
Can anyone help me?

Is it possible to use keycloak with spring security?

Without Keycloak Maven dependencies.
This is using Okta and Google. I wonder, can I use Spring Security + OAuth2 with Keycloak?
https://www.baeldung.com/spring-security-openid-connect
Yes, you can use it without the Keycloak Spring Boot auto-configuration.
Look here: Spring Cloud Gateway with OAuth2
You can see the configuration used to connect with Keycloak.
Let me know if you get your answer.

Jhipster registry "Status: (Unauthorized)" page after keycloak login

Jhipster registry:v3.3.0
Keycloak: 4.5.0.Final (https enabled)
There is a JHipster registry setup using docker-compose, as shown in the picture. The registry talks to Keycloak for authentication.
We have two Keycloak instances.
When configured with one Keycloak instance, it logs in successfully and opens the registry page.
When configured with the other Keycloak instance, it shows the following page:
After entering keycloak credentials, the url in the browser is http://localhost:8761/login?state=Swy20H&session_state=c6853b18-42f3-4ad9-9ad0-14615aa576bd&code=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..xtptsARyYJPbqrhZD4ZF7A.yKur_w3c5H-ybHcpXeBSca1W7N3XxRzQXaUs383Kqh57wzaWt3FhBglGf-w154GRTM93F5oa2grE8HzVyrRpDadQs5FCjpNDZuD86KZy5JVI4RnlYOFvsTMcO-fFi_bWl2ByvNy7QARglrwGQOTeYndvrYluuC57OJGKm8819gIb9a5wvZ9oeiJLuDPwkcefs2J-xnUvEde3yAyVKGxe_oGdA8jJbbwRDQQvCI2e3FLyiKJ1F2P2iHFT5g_QaQxv.7k__JisYiWQrQpjgxJ8m5Q
The same Keycloak client was imported into the Keycloak realm for the instances. Any idea what could be the reason?
I had faced a similar issue.
In my case I was getting it because of two reasons.
Keycloak was SSL enabled and the keystore file used in this process did not include the root certificate. Refer to this SOS.
Our network firewall was blocking the requests to the Auth Server. In your case it could be Jhipster registry's backend
You must change the configuration in the Docker file inside your server if you use Docker, and when you enable SSL you must map the new URI in each Docker file.
I have the same problem and this is the solution for that:
- SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI=http://127.0.0.1/auth/realms/jhipster
But after enabling SSL your service cannot show the above URL; you must change it to
- SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI=https://your-domain.eg/auth/realms/jhipster
After that you can authenticate without any problem.
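
The issuer URI change described in the answer above can be checked before redeploying. The following is an added example, not code from the original answers or from JHipster or Keycloak: the function name `check_issuer_config` and the sample discovery document are constructed for illustration. It compares the configured issuer URI with what the realm's discovery document advertises and flags endpoints left on plain http.

```python
from urllib.parse import urlsplit

ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def check_issuer_config(configured_issuer, discovery_doc):
    """Return a list of findings; an empty list means the values are consistent."""
    findings = []
    advertised = discovery_doc.get("issuer")
    # OIDC Discovery: the advertised issuer must be identical to the URL
    # the client was configured with, otherwise the client rejects it.
    if advertised != configured_issuer:
        findings.append(
            f"issuer mismatch: configured {configured_issuer!r}, "
            f"server advertises {advertised!r}"
        )
    if urlsplit(configured_issuer).scheme != "https":
        findings.append(f"configured issuer is not https: {configured_issuer}")
    # Endpoints still on http behind an https issuer usually mean the
    # server does not know it sits behind a TLS-terminating proxy.
    if advertised and urlsplit(advertised).scheme == "https":
        for key in ENDPOINTS:
            url = discovery_doc.get(key, "")
            if url and urlsplit(url).scheme != "https":
                findings.append(f"{key} is not https: {url}")
    return findings


# Constructed discovery document, shaped like what a realm serves from
# <issuer>/.well-known/openid-configuration once SSL is enabled.
# The token endpoint is deliberately left on http to show the finding.
BASE = "your-domain.eg/auth/realms/jhipster"
SAMPLE_DOC = {
    "issuer": f"https://{BASE}",
    "authorization_endpoint": f"https://{BASE}/protocol/openid-connect/auth",
    "token_endpoint": f"http://{BASE}/protocol/openid-connect/token",
    "jwks_uri": f"https://{BASE}/protocol/openid-connect/certs",
}

OLD_URI = "http://127.0.0.1/auth/realms/jhipster"  # value before SSL
NEW_URI = "https://your-domain.eg/auth/realms/jhipster"  # value after SSL

if __name__ == "__main__":
    for uri in (OLD_URI, NEW_URI):
        print(uri)
        for finding in check_issuer_config(uri, SAMPLE_DOC):
            print("  -", finding)
```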

Spring Security, OpenID, and mod_proxy

I have an application using spring-security's OpenID implementation. The app server sits behind a proxy. The proxy is apache httpd with mod_proxy. If the proxy connects to the app server via HTTP, the application will tell the OpenID authenticator to redirect back via HTTP rather than HTTPS like I would prefer. It seems to pull the protocol dynamically and only sees HTTP. If I configure the proxy to use HTTPS, I run into this problem. So is there a way to operate spring security behind a proxy which uses HTTP?
A little extra mod_proxy and Glassfish configuration solved this problem for me:
https://serverfault.com/questions/496888/ssl-issue-with-mod-proxy
