Re: [keycloak-dev] Re: Keycloak fails to connect to an openshift oauth-server in a airgapped/disconnected cluster

66 views
Skip to first unread message

Thomas Darimont

unread,
Jun 30, 2021, 7:16:16 AM6/30/21
to Abhishek Veeramalla, Keycloak Dev
Hi Abhishek,

did you look the proxy mapping for outgoing http requests? at https://www.keycloak.org/docs/latest/server_installation/index.html#_proxymappings


Cheers
Thomas

On Wed, 30 Jun 2021, 12:44 Abhishek Veeramalla, <avee...@redhat.com> wrote:
I got to know from @Sebastian that Keycloak does not support proxies out of the box.

Can anyone point me out to the steps to achieve this ?

Regards,
Abhishek Veeramalla

On Wednesday, June 30, 2021 at 4:12:44 PM UTC+5:30 Abhishek Veeramalla wrote:
Hello Everyone,

 I am running into a problem where I am using Keycloak as an Identity broker with OpenShift-v4 as an IdP for my Kubernetes Operator. 

Problem:
  I am using an air-gapped/disconnected cluster where Keycloak is not able to connect to the oauth-server. Below is the error thats logged in the keycloak.

```
Failed to make identity provider oauth callback: org.apache.http.conn.HttpHostConnectException: Connect to oauth-openshift.apps.aroutd4.qe.devcluster.openshift.com:443 [oauth-openshift.apps.aroutd4.qe.devcluster.openshift.com/18.218.213.98, oauth-openshift.apps.aroutd4.qe.devcluster.openshift.com/3.143.119.132] failed: Connection timed out (Connection timed out)
```

Any help is greatly appreciated :)

Regards,
Abhishek Veeramalla

--
You received this message because you are subscribed to the Google Groups "Keycloak Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/c3518288-3d1a-48f7-be07-88f2487f34e4n%40googlegroups.com.

Abhishek Veeramalla

unread,
Jun 30, 2021, 9:07:56 AM6/30/21
to Thomas Darimont, Keycloak Dev
Hi Thomas, 

I am running RHSSO which is keycloak 7.4. Do you know if this configuration works with RHSSO as well ?

Thomas Darimont

unread,
Jun 30, 2021, 9:27:09 AM6/30/21
to Abhishek Veeramalla, Keycloak Dev
Afaik the SSO 7.4 is based on Keycloak 9.x with patches.

AFAIR The proxy support has been with Keycloak since 4.x.

So I'd assume that it will work the same since rhsso is effectively just Keycloak on JBoss EAP rather than wildfly.

Cheers,
Thomas

Abhishek Veeramalla

unread,
Jun 30, 2021, 11:52:32 AM6/30/21
to Thomas Darimont, Keycloak Dev
Got it. One more question to start with this. Is there a way to work around with this on a running container or do I have to build a new container ?
Reply all
Reply to author
Forward
0 new messages