I am running Keycloak on an OpenShift project, and I have 4 pods running:
keycloak (v8.0.1 configured to listen on 8443 with TLS),
keycloakdb (PostgreSQL DB),
proxy (Apache 2.4 reverse proxy), and
portal (our app that we developed to handle connecting to other applications).

The keycloak pod also contains two jar files that we “borrowed” that implement PKI authentication as part of the log on.

The routes configured in OpenShift are
apache: tcp/443 to tcp/8443 on the apache pod
keycloak: tcp/443 to tcp/8443 on the keycloak pod, and

Current state:
A connection to https://proxy.domain.com is redirected to https://keycloak.domain.com for authentication
https://keycloak/domain.com which requests my certificate for a 2-way TLS authentication
then redirected to https://keycloak.domain.com/auth/auth?response_type=code&scope=openid&client=potal&state=&redirect_uri=https://proxy.domain.com/redirect_uri&nonce=
The browser displays a page which gives details of my certificate and my user account name with a button to continue

Clicking the continue button, POSTs to https://keycloak.domain.com
The browser is then redirected to https://proxy.domain.com:8443
Since there is no route to https://proxy.domain.com:8443 the connection times out.

The question is how do I get keycloak to redirect the browser to https://proxy.domain.com on tcp/443?

Answers


  1. URL redirect in client setting

    For redirecting to a particular URL after authentication, you can use the URL redirection setting in the client settings.

  2. The problem is the redirect_uri in the authentication request. It points to proxy.domain.com instead of to the portal.

    The redirect_uri is set by the OAuth 2.0 client code in the portal. Probably, the portal software thinks its own URL starts with proxy.domain.com.

    So investigate and fix the OAuth 2.0 code in the portal (probably just a configuration issue).

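To see which hop of the login flow points the browser at an endpoint that has no route, the redirect chain can be checked against the exposed routes. This is an added example, not code from the question or the answers; the function names are hypothetical and the chain is constructed from the URLs in the question.

```python
from urllib.parse import urlsplit, parse_qs

# Externally reachable (host, port) pairs: the two OpenShift routes in the question.
EXPOSED_ROUTES = {("proxy.domain.com", 443), ("keycloak.domain.com", 443)}
DEFAULT_PORTS = {"https": 443, "http": 80}


def endpoint(url):
    """Return (host, port) for a URL, filling in the scheme's default port."""
    parts = urlsplit(url)
    return (parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme))


def embedded_redirect_uri(url):
    """Return the redirect_uri query parameter of an authorization request, or None."""
    values = parse_qs(urlsplit(url).query).get("redirect_uri")
    return values[0] if values else None


def audit_chain(urls, routes=EXPOSED_ROUTES):
    """List (url, reason) for every hop or redirect_uri that no route serves."""
    findings = []
    for url in urls:
        if endpoint(url) not in routes:
            findings.append((url, "location has no route"))
        target = embedded_redirect_uri(url)
        if target and endpoint(target) not in routes:
            findings.append((target, "redirect_uri has no route"))
    return findings


# Constructed sample: the hops described in the question, query string shortened.
CHAIN = [
    "https://proxy.domain.com/",
    "https://keycloak.domain.com/auth/auth?response_type=code&scope=openid"
    "&redirect_uri=https://proxy.domain.com/redirect_uri",
    "https://proxy.domain.com:8443",
]

if __name__ == "__main__":
    for url, reason in audit_chain(CHAIN):
        print(f"{reason}: {url}")
```

The URLs for a real run can be copied from the browser's network tab, one per `Location` header in the order they were followed.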