为什么keycloak删除重定向uri中的SSL? | 为什么keycloak删除重定向uri中的SSL

本文介绍了为什么keycloak删除重定向uri中的SSL?的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我们有一个简单的要求，其中: PS :https:/=== https://

We have a simple requirement where:PS: https:/ === https://

当用户点击 https:/company_landing.company.com 时，应将其重定向到keycloak登录页面(位于 https:/ourcompany-keycloak.company.com ) .用户输入他/她的密钥库登录凭据.成功登录keycloak后，它们将显示在company_landing页面上.

When user hits https:/company_landing.company.com , they should be redirected to keycloak login page (at https:/ourcompany-keycloak.company.com). User enters his/her keycloak login credentials. Upon successful login to keycloak , they will be presented to the company_landing page.

问题是:

The trouble is :

当用户键入- https:/company_landing.company.com

Keycloak尝试调出登录页面，但显示500 Internal server error(内部服务器错误)，并显示"Indirect redirect uri(错误的重定向uri)"，在浏览器中，我看到以下内容:

Keycloak tries to bring up the landing page but gives 500 Internal server error and says "Incorrect redirect uri" and in the browser I see this:

https:/ourcompany-keycloak.company.com/auth/realms/realm1/tokens/login?client_id = company_dev& state = aaaafffff-559d-4312-a8be-123412341234& redirect_uri = http％3A％2F ％2Fcompany_landing.company.com％3A8081％2F％3Fauth_callback％3D1

https:/ourcompany-keycloak.company.com/auth/realms/realm1/tokens/login?client_id=company_dev&state=aaaafffff-559d-4312-a8be-123412341234&redirect_uri=http%3A%2F%2Fcompany_landing.company.com%3A8081%2F%3Fauth_callback%3D1

如果您观察到上面的重定向uri，我认为问题是重定向uri以https开头，而不是https，并且http:/company-landing.company.com不存在.

If you observe the redirect uri above, I think the problem is that instead of https the redirect uri starts with http and http:/company-landing.company.com doesn't exist.

设置: 密钥斗篷设置:-

Settings:keycloak settings: -

领域->设置->登录:要求SSL =所有请求(也尝试使用外部")

Realm --> settings --> login : Require SSL = all Requests (tried with "external" also)

应用程序->领域1->设置->重定向URI = https://company_landing.company.com/ *

AWS负载均衡器:端口配置:443(https)转发到8443

AWS load balancer:Port config: 443(https) forwarding to 8443

我对为什么要剥离SSL感到困惑?在本地环境上测试时，上面的方法工作正常(可能是因为其 http://localhost )，但是在尝试时始终会给出无效的重定向网址访问任何经过ssl加密的链接.

I am confused as to why it is stripping the SSL? The above works fine when testing on local environment(probably because its http://localhost) but this always gives an invalid redirect url when trying to access any link that is ssl encrypted.

-mm

推荐答案

您必须在代理配置json文件(默认情况下为proxy.json)中添加以下属性作为应用程序属性(与"adapter-config"具有相同的级别) "):

You have to add the following property in the proxy configuration json file, (by default proxy.json) as an application attribute (same level as "adapter-config"):

"proxy-address-forwarding" : true,

此配置属性未记录，但是存在于代理配置的源中: https://github.com/keycloak/keycloak/blob/master/proxy/proxy-server/src/main/java/org/keycloak /proxy/ProxyConfig.java

This configuration attribute is not documented, however present in the sources of the proxy configuration: https://github.com/keycloak/keycloak/blob/master/proxy/proxy-server/src/main/java/org/keycloak/proxy/ProxyConfig.java

这篇关于为什么keycloak删除重定向uri中的SSL?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！