keycloak running in url sub-path
72 views
Skip to first unread message
Francesco Stefanni
Oct 22, 2020, 9:51:06 AM10/22/20
to Keycloak User
Hi,
I am trying to run keycloak behind a reverse proxy, under a specific sub-path.
Both keycloak and the reverse proxy run in docker containers.
At the moment I managed to set it behind the reverse proxy, but it always listen
to the url root ("/"), so for example, it redirects to "mysite.com/auth".
Instead I would like to run it in a sub-url, e.g. "/keycloak", and therefore be redirected to
I checked various internet resources, but none worked for me.
Which are the exact configuration steps for keycloak?
Thank you,
regards.
Thomas Darimont
Oct 22, 2020, 11:36:49 AM10/22/20
to Francesco Stefanni, Keycloak User
Hello Francesco,
running Keycloak with a custom context path is possible.
You need to configure the web-context used by the Keycloak server subsystem to make Keycloak aware of the custom path.
running Keycloak with a custom context path is possible.
You need to configure the web-context used by the Keycloak server subsystem to make Keycloak aware of the custom path.
You can do that with the following jboss-cli script:
echo SETUP: Configure Keycloak Context-Root
# Note: in case Keycloak was initialized with another Context-Path (e.g. /auth by default), it might be necessary to adjust the base_url's and redirect_uri's of the admin clients in the database!
# For example for /keycloak/auth use: keycloak/auth
set contextPath=${env.KEYCLOAK_CONTEXT_PATH:keycloak/auth}
/subsystem=keycloak-server/:write-attribute(name="web-context",value=$contextPath)
# Note: in case Keycloak was initialized with another Context-Path (e.g. /auth by default), it might be necessary to adjust the base_url's and redirect_uri's of the admin clients in the database!
# For example for /keycloak/auth use: keycloak/auth
set contextPath=${env.KEYCLOAK_CONTEXT_PATH:keycloak/auth}
/subsystem=keycloak-server/:write-attribute(name="web-context",value=$contextPath)
This will configure the "web-context" of the Keycloak-Server Subsystem to the new path. After that, the standalone(-ha).xml config
file should contain something like this:
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
<web-context>keycloak/auth</web-context>
...
Cheers,Thomas
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
<web-context>keycloak/auth</web-context>
...
Cheers,Thomas
--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/2dabaa28-50d9-4165-aa51-f41199fd8119n%40googlegroups.com.
Francesco Stefanni
Oct 23, 2020, 3:50:40 AM10/23/20
to Keycloak User
Hi,
thank you for the help.
I discovered that the docker image seems to run in standalone-ha by default, so my changes to standalone.xml were useless :)
In fact the script has modified the standalone-ha configuration (it just changed the web-context entry).
Now I still have a minor issue:
- If I go to: mysite.com/keycloak/auth everything seems ok now
- If I go to: mysite.com/keycloak I get a "not found" error
- If I go to: mysite.com: it redirects me to mysite,com/auth, which is of course wrong
I would like to have:
- mysite.com/keycloak to redirect me to mysite.com/keycloak/auth. In this case, I am expecting that accessing directly to mysite.com should rise an error.
Is it possible to have this final improvement?
Thank you,
regards
Reply all
Reply to author
Forward
0 new messages