Keycloak SSL Redirect Loop


#1

Hey guys, first of all - thanks for developing this!

So far, shinyproxy is running smoothly with keycloak auth on my ubuntu/debian based vm. It’s running side by side on the same machine and everything works beautifully - until I try to switch to SSL :wink:
I’ve run out of ideas and am not sure what causes the problem - right now, I’m not even sure if this is a keycloak or shinyproxy issue.

My setup is as follows:
shinyproxy running on vm on 8000
keycloak running on same vm on 8080 for http and 8443 for https

Using plain http with 8000 and 8080 as keycloak auth url is working without any problems. shinyproxy redirects to the keycloak auth url and keycloak redirects back once a user is authenticated.

Using the https on 8443 as auth url is what causes some kind of redirect loop. It seems like keycloak authenticates the user, then redirects back to shinyproxy on 8000, which then in turn redirects back to /login and back on to keycloak. After a few times, the browser times out and tells “Too many redirects”:

What have I tried so far:

Configured nginx as proxy with ssl rewrite - the problem persists, no matter if nginx is running with proxy_pass and securing the domain as described in https://www.shinyproxy.io/security/#https-ssl-tls

Followed these instructions to set up https on keycloak:
http://www.keycloak.org/docs/2.5/server_installation/topics/network/https.html
Moving the keycloak server to another machine does not solve the problem either.
The redirect issue on keycloak is discussed on SO or jboss. I did set the proxy-address-forwarding to true in the standalone.xml and played around with the redirect-socket as well as the redirect_uri parameters, but nothing solved the issue.

Has somebody set this up with shinyproxy and keycloak with SSL and can help me?

Help is greatly appreciated! :grinning:


#2

This was the problem - thanks so much!