Keycloak redirected too many times

I’m trying to get a basic example of shinyproxy working with keycloak. This is my Dockerfile

FROM openjdk:11-jre

RUN mkdir -p /opt/shinyproxy/
RUN wget https://www.shinyproxy.io/downloads/shinyproxy-2.3.1.jar -O /opt/shinyproxy/shinyproxy.jar
COPY application.yml /opt/shinyproxy/application.yml

WORKDIR /opt/shinyproxy/
CMD ["java", "-jar", "/opt/shinyproxy/shinyproxy.jar"]

This is my docker-compose.yml

version: "3.7"

services:
  mysql:
      image: mysql:5.7
      volumes:
        - mysqldata:/var/lib/mysql
      environment:
        MYSQL_ROOT_PASSWORD: root
        MYSQL_DATABASE: keycloak
        MYSQL_USER: keycloak
        MYSQL_PASSWORD: password
  keycloak:
      image: quay.io/keycloak/keycloak:latest
      environment:
        DB_VENDOR: MYSQL
        DB_ADDR: mysql
        DB_DATABASE: keycloak
        DB_USER: keycloak
        DB_PASSWORD: password
        KEYCLOAK_USER: admin
        KEYCLOAK_PASSWORD: Pa55w0rd
        PROXY_ADDRESS_FORWARDING: 'true'
      ports:
        - 8010:8080
      #networks:
      #  - shinyproxy-net
      depends_on:
        - mysql
  shinyproxy:
    build: .
    image: shinyproxy
    ports:
      - '8020:8080'
    networks:
      - shinyproxy-net
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
networks:
  shinyproxy-net:
    external: true
volumes:
  mysqldata:
      driver: local

This is my application.yml

proxy:
  port: 8080
  authentication: keycloak
  useForwardHeaders: true  # not sure if necessary or not
  admin-groups: admins
  keycloak:
    realm: shinyproxy                                                     
    auth-server-url: http://localhost:8010/auth
    resource: shinyproxy                                                  
    credentials-secret: aa205d81-ae00-4b59-bca6-4c41074c633c
  docker:
      internal-networking: true
  specs:
  - id: 01_hello
    display-name: Hello Application
    description: Application which demonstrates the basics of a Shiny app 
    container-cmd: ["R", "-e", "shinyproxy::run_01_hello()"]
    container-image: openanalytics/shinyproxy-demo
    container-network: shinyproxy-net
  - id: 06_tabsets
    container-cmd: ["R", "-e", "shinyproxy::run_06_tabsets()"]
    container-image: openanalytics/shinyproxy-demo
    container-network: shinyproxy-net
logging:
  file:
    shinyproxy.log

When I go to http://localhost:8020/ and authenticate with the user I created in http://localhost:8010/ I get a redirected too many times error:

image

What am I doing wrong?

Hi @ignacio82,

I’m trying to work through a very similar setup and can’t say that I’ve got everything fully functional yet.

Do you think you could post your KeyCloak realm settings? Specifically, the return URI?

One thing I did notice is that ShinyProxy can’t hit the Keycloak container using localhost. I don’t know why or whether there’s an option to allow this, but my approach has been to use the full IP address in auth-server-url - e.g. http://192.168.1.100:8010/auth. The same logic would be required in your KeyCloak realm settings.

Good luck!
Jay

I’m having trouble finding the return URI setting? Where is it?

Sorry @ignacio82 - I got the KeyCloak terminology wrong. I meant the Valid Redirect URI's found in the settings panel of the Client setup. It’s the address KeyCloak sends users back to after they’ve successfully logged in.

@JayAchar I’m just using * there… Maybe that is the problem… Not sure what I should use. What do you have there?

I think there are a couple of ways of tackling this, since you can define the base URI, then just include the additional parts in this field. To keep things a bit simpler, I took the approach of including the full external IP address which takes you back to the ShinyPorxy server. For you case, this might be something like:

http://192.168.1.5:8020/*

I had previously tried using localhost and ran into problems such as this since I think KC needs to communicate with services via the external IP address. I do believe there’s a way to allow communication through the docker network, but I haven’t managed to get that working unfortunately.

Really hope that helps :slight_smile:

1 Like

It did not work :frowning:

This page isn’t working
192.168.86.50 
redirected you too many times.
Try clearing your cookies.
ERR_TOO_MANY_REDIRECTS

This issue is because ShinyProxy cannot reach keycloak on localhost.
You either have to run all services using network_mode: host so that you can use localhost.
Or you have to setup keycloak using some public facing URL and use that URL in the shinyproxy configuration as auth-url

1 Like