Reading Original IP on Keycloak when Installed Behind a Reverse Proxy

24 Feb , 2020 1 Comment

Keycloak, or Red Hat Single SignOn, have the capability of capturing ip of every request which are connected to it. But there are scenarios where Keycloak is located behind a reverse proxy, and Keycloak would capture reverse proxy’s ip instead of original requestor IP.

The workaround is actually quite simple although can be at different xml files depends on your server , can add below configuration on default-server tag.

<server name="default-server">
	<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"
		proxy-address-forwarding="true" />
	<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"
		proxy-address-forwarding="true" />
	<host name="default-host" alias="localhost">
		<location name="/" handler="welcome-content"/>
		<http-invoker security-realm="ApplicationRealm"/>
	</host>
</server>
keycloak RHSSO sso

edwin

Related Posts

1 Comment

view

about 1 year ago

Hurrah! At last I got a website from where I be capable of in fact obtain valuable facts concerning my study and knowledge.

Reply

Leave a Comment

Please be polite. We appreciate that.
Your email address will not be published and required fields are marked