shinyproxy: shinyproxy generates wrong redirect uri when using keycloak

Hello,

My setup is like this.

Shinyproxy runs in a docker container with the name shiny-proxy.

The apache httpd reverse proxy runs before shinyproxy and converts it to https, and runs on the host on port 2443. Keycloak also runs in a docker container, but the port is open on the host as 8443.

setup, application.xml

 keycloak:
    realm: shiny
    auth-server-url: https://keycloak:8443/auth
    #ssl-required: none
    ssl-required: external
    confidential-port: 2443
    verify-token-audience: true
    resource: shiny-proxy-p1
    credentials-secret: xxxxxxxxxxxx

apache reverse proxy configuration

<VirtualHost *:2443>
  SSLEngine on
  SSLCertificateFile    /etc/apache2/ssl/server-cert.pem
  SSLCertificateKeyFile /etc/apache2/ssl/server-cert.key
  #   Server Certificate Chain:
  #   Point SSLCertificateChainFile at a file containing the
  #   concatenation of PEM encoded CA certificates which form the
  #   certificate chain for the server certificate. Alternatively
  #   the referenced file can be the same as SSLCertificateFile
  #   when the CA certificates are directly appended to the server
  #   certificate for convenience.
  SSLCertificateChainFile /etc/apache2/ssl/server-ca.crt


  <Proxy *>
    Allow from *
  </Proxy>

  RewriteEngine on
  RewriteCond %{HTTP:Upgrade} =websocket
  RewriteRule /(.*) ws://shiny-proxy:8080/$1 [P,L]
  RewriteCond %{HTTP:Upgrade} !=websocket
  RewriteRule /(.*) http://shiny-proxy:8080/$1 [P,L]
  ProxyPass / http://shiny-proxy:8080/
  ProxyPassReverse / http://shiny-proxy:8080/
  ProxyRequests Off

  ErrorLog ${APACHE_LOG_DIR}/proxy_error.log
  CustomLog ${APACHE_LOG_DIR}/proxy_access.log combined

</VirtualHost>

Let’s say when I access shinyproxy via apache with the URL https://lxsqlpocnd04:2443/, it redirects to the login page, and the login page redirects the request to the Keycloak host lxsqlpocnd04 on port 8443. In that URL there is a query string which includes redirect_uri, but it is not the one expected.

The URL is like this: https://lxsqlpocnd04:8443/auth/realms/shiny/protocol/openid-connect/auth?response_type=code&client_id=shiny-proxy-p1&redirect_uri=http%3A%2F%2Fshiny-proxy%3A8080%2Fsso%2Flogin&state=00f5e087-e6a9-4768-8cf8-39d77500fea3&login=true&scope=openid

And the redirect_uri is http://shiny-proxy:8080/sso/login rather than https://lxsqlpocnd04:2443/sso/login

Could someone help?

Thanks,

Robin

About this issue

  • State: closed
  • Created 4 years ago
  • Comments: 16 (4 by maintainers)

Most upvoted comments

@danielfm123 @eastclintw00d POST requests (as made e.g. by DT) don’t work when using OIDC with current ShinyProxy (2.4.1). A fix by @LEDfan will be part of an upcoming release, but this is not the topic of this thread.

Hi @LEDfan

That solved the problem.

Thank you for the quick response!

Hi @eastclintw00d

Please try to use:

server:
  forward-headers-strategy: "native"

Instead of

server:
  useForwardHeaders: true

Thanks!

@aiham Thanks.

I have it working. It is because of missing useForwardHeaders: true
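
An added example, not part of the thread and not ShinyProxy or Keycloak code: this Python check extracts redirect_uri from the authorization URL quoted in the original post, compares its origin with the public address, and models in simplified form how honoring X-Forwarded-* headers changes the generated callback URL. The forwarded header values and all function names are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Authorization URL as quoted in the original post.
AUTH_URL = (
    "https://lxsqlpocnd04:8443/auth/realms/shiny/protocol/openid-connect/auth"
    "?response_type=code&client_id=shiny-proxy-p1"
    "&redirect_uri=http%3A%2F%2Fshiny-proxy%3A8080%2Fsso%2Flogin"
    "&state=00f5e087-e6a9-4768-8cf8-39d77500fea3&login=true&scope=openid"
)
PUBLIC_ORIGIN = "https://lxsqlpocnd04:2443"  # address users type, per the post
# Constructed sample of what the reverse proxy would forward (assumption).
FORWARDED = {"X-Forwarded-Proto": "https", "X-Forwarded-Host": "lxsqlpocnd04:2443"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """(scheme, host, port) with the scheme's default port filled in."""
    p = urlsplit(url)
    return p.scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(p.scheme)


def callback_url(backend_url, headers, honor_forwarded):
    """Simplified model: rebuild the callback URL from X-Forwarded-* headers."""
    if not honor_forwarded:
        return backend_url  # the internal container address ends up in redirect_uri
    p = urlsplit(backend_url)
    h = {k.lower(): v for k, v in headers.items()}
    scheme = h.get("x-forwarded-proto", p.scheme)
    host = h.get("x-forwarded-host", p.netloc)
    if ":" not in host and "x-forwarded-port" in h:
        host = f"{host}:{h['x-forwarded-port']}"
    return f"{scheme}://{host}{p.path}"


def check_redirect_uri(auth_url, public_origin):
    """Return (redirect_uri, matches_public_origin) for an authorization URL."""
    values = parse_qs(urlsplit(auth_url).query).get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError("expected exactly one redirect_uri parameter")
    return values[0], origin(values[0]) == origin(public_origin)


if __name__ == "__main__":
    uri, ok = check_redirect_uri(AUTH_URL, PUBLIC_ORIGIN)
    print(f"{uri} -> {'OK' if ok else 'MISMATCH'}")
    for honor in (False, True):
        url = callback_url(uri, FORWARDED, honor)
        print(f"honor_forwarded={honor}: {url} matches={origin(url) == origin(PUBLIC_ORIGIN)}")
```

Forwarded headers are client-controllable unless the backend is reachable only through the reverse proxy, so they should be honored only in that arrangement.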