1

I am running Keycloak on an OpenShift project, and I have 4 pods running: keycloak (v8.0.1 configured to listen on 8443 with TLS), keycloakdb (PostgreSQL DB), proxy (Apache 2.4 reverse proxy), and portal (our app that we developed to handle connecting to other applications).

The keycloak pod also contains two jar files that we “borrowed” that implement PKI authentication as part of the log on.

The routes configured in OpenShift are:

  • apache: tcp/443 to tcp/8443 on the apache pod
  • keycloak: tcp/443 to tcp/8443 on the keycloak pod, and

Current state:

  • A connection to https://proxy.domain.com is redirected to https://keycloak.domain.com for authentication
  • https://keycloak/domain.com which requests my certificate for a 2-way TLS authentication
  • then redirected to https://keycloak.domain.com/auth/auth?response_type=code&scope=openid&client=potal&state=&redirect_uri=https://proxy.domain.com/redirect_uri&nonce=
  • The browser displays a page which gives details of my certificate and my user account name with a button to continue

Clicking the continue button POSTs to https://keycloak.domain.com. The browser is then redirected to https://proxy.domain.com:8443. Since there is no route to https://proxy.domain.com:8443, the connection times out.

The question is how do I get keycloak to redirect the browser to https://proxy.domain.com on tcp/443?

Mike K.

2 Answers

0

URL redirect in client setting

For redirecting to a particular URL after authentication, you can use the URL redirection setting in the client settings.

sharmag
0

The problem is the redirect_uri in the authentication request. It points to proxy.domain.com instead of the portal.

The redirect_uri is set by the OAuth 2.0 client code in the portal. Probably, the portal software thinks its own URL starts with proxy.domain.com.

So investigate and fix the OAuth 2.0 code in the portal (probably just a configuration issue).

Codo
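
A way to check which value actually carries port 8443, added here as an example and not code from the question or either answer: it compares the origin of the `redirect_uri` parameter in the authorization request with the origin the browser was finally sent to, and with the two OpenShift routes. The function names and the `ROUTED` set are assumptions; the URLs are taken from the question, and the observed `Location` is constructed from its description.

```python
from urllib.parse import urlsplit, parse_qs

DEFAULT_PORTS = {"https": 443, "http": 80}

# External routes from the question: both hosts are exposed on tcp/443 only.
ROUTED = {("https", "proxy.domain.com", 443), ("https", "keycloak.domain.com", 443)}

# Authorization request as quoted in the question (empty state/nonce kept as posted).
AUTH_REQUEST = ("https://keycloak.domain.com/auth/auth?response_type=code&scope=openid"
                "&client=potal&state=&redirect_uri=https://proxy.domain.com/redirect_uri&nonce=")
# Constructed: the Location the browser ends up following, per the question.
OBSERVED_LOCATION = "https://proxy.domain.com:8443"


def origin(url):
    """Return (scheme, host, effective port), filling in the scheme's default port."""
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme))


def redirect_uri_of(auth_request_url):
    """Extract the redirect_uri query parameter from an authorization request URL."""
    values = parse_qs(urlsplit(auth_request_url).query).get("redirect_uri", [])
    return values[0] if values else None


def diagnose(auth_request_url, observed_location, routed=ROUTED):
    """Compare the origin the client asked for with the origin the browser was sent to."""
    requested = redirect_uri_of(auth_request_url)
    req_origin = origin(requested) if requested else None
    obs_origin = origin(observed_location)
    return {
        "redirect_uri": requested,
        "requested_origin": req_origin,
        "observed_origin": obs_origin,
        "requested_is_routed": req_origin in routed,
        "observed_is_routed": obs_origin in routed,
        "port_came_from_redirect_uri": req_origin == obs_origin,
    }


if __name__ == "__main__":
    for key, value in diagnose(AUTH_REQUEST, OBSERVED_LOCATION).items():
        print(f"{key}: {value}")
```

When `port_came_from_redirect_uri` is false, the unroutable port was not in the `redirect_uri` the client sent, so the response headers of each hop after the POST show which server emitted it.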