为什么keycloak删除重定向uri中的SSL? [英] why is keycloak removing the SSL in the redirect uri?
问题描述
我们有一个简单的要求,其中: PS :https:/=== https://
We have a simple requirement where: PS: https:/ === https://
当用户点击 https:/company_landing.company.com 时,应将其重定向到keycloak登录页面(位于 https:/ourcompany-keycloak.company.com ) .用户输入他/她的密钥库登录凭据.成功登录keycloak后,它们将显示在company_landing页面上.
When user hits https:/company_landing.company.com , they should be redirected to keycloak login page (at https:/ourcompany-keycloak.company.com). User enters his/her keycloak login credentials. Upon successful login to keycloak , they will be presented to the company_landing page.
问题是:
The trouble is :
当用户键入- https:/company_landing.company.com
Keycloak尝试调出登录页面,但显示500 Internal server error(内部服务器错误),并显示"Indirect redirect uri(错误的重定向uri)",在浏览器中,我看到以下内容:
Keycloak tries to bring up the landing page but gives 500 Internal server error and says "Incorrect redirect uri" and in the browser I see this:
https:/ourcompany-keycloak.company.com/auth/realms/realm1/tokens/login?client_id = company_dev& state = aaaafffff-559d-4312-a8be-123412341234& redirect_uri = http%3A%2F %2Fcompany_landing.company.com%3A8081%2F%3Fauth_callback%3D1
https:/ourcompany-keycloak.company.com/auth/realms/realm1/tokens/login?client_id=company_dev&state=aaaafffff-559d-4312-a8be-123412341234&redirect_uri=http%3A%2F%2Fcompany_landing.company.com%3A8081%2F%3Fauth_callback%3D1
如果您观察到上面的重定向uri,我认为问题是重定向uri以https开头,而不是https,并且http:/company-landing.company.com不存在.
If you observe the redirect uri above, I think the problem is that instead of https the redirect uri starts with http and http:/company-landing.company.com doesn't exist.
设置: 密钥斗篷设置:-
Settings: keycloak settings: -
领域->设置->登录:要求SSL =所有请求(也尝试使用外部")
Realm --> settings --> login : Require SSL = all Requests (tried with "external" also)
应用程序->领域1->设置->重定向URI = https://company_landing.company.com/ *
AWS负载均衡器: 端口配置:443(https)转发到8443
AWS load balancer: Port config: 443(https) forwarding to 8443
我对为什么要剥离SSL感到困惑?在本地环境上测试时,上面的方法工作正常(可能是因为其 http://localhost ),但是在尝试时始终会给出无效的重定向网址访问任何经过ssl加密的链接.
I am confused as to why it is stripping the SSL? The above works fine when testing on local environment(probably because its http://localhost) but this always gives an invalid redirect url when trying to access any link that is ssl encrypted.
-mm
推荐答案
您必须在代理配置json文件(默认情况下为proxy.json)中添加以下属性作为应用程序属性(与"adapter-config"具有相同的级别) "):
You have to add the following property in the proxy configuration json file, (by default proxy.json) as an application attribute (same level as "adapter-config"):
"proxy-address-forwarding" : true,
This configuration attribute is not documented, however present in the sources of the proxy configuration: https://github.com/keycloak/keycloak/blob/master/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyConfig.java
这篇关于为什么keycloak删除重定向uri中的SSL?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
