I use generator-jhipster 5.8.2, my app runs in local machine with active tls profil and my keycloak ( docker image) runs in remote behind loadbalancer. After login I get a 401 error. The app's code generate has not been modify ( excpet active tls in yml)

My haproxy conf :

frontend https-in
    bind *:443 ssl crt /etc/haproxy/certs/mydomain.fr.pem
    mode http
    option httplog
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    use_backend letsencrypt-backend if letsencrypt-acl
    default_backend keycloack_backend

backend keycloack_backend
  mode http
  option forwardfor
    http-request add-header X-Forwarded-For https if { ssl_fc }
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
   server keycloack-server 127.0.0.1:9080
....

My compose docker start with same real-config provided by Jhipster on the remote machine :

version: '2'
services:
  keycloak:
    image: jboss/keycloak:4.5.0.Final
    command: ["-b", "0.0.0.0", "-Dkeycloak.migration.action=import", "-Dkeycloak.migration.provider=dir", "-Dkeycloak.m$
    volumes:
      - ./realm-config:/opt/jboss/keycloak/realm-config
    environment:
      - KEYCLOAK_USER=admin
      - KEYCLOAK_PASSWORD=admin
      - DB_VENDOR=h2
      - PROXY_ADDRESS_FORWARDING=true
    ports:
      - 9080:9080
      - 9443:9443
      - 10990:10990

I active chrome://flags/#allow-insecure-localhost for unsign certificate

The request :

https://my-remote-domain.fr/auth/realms/jhipster/protocol/openid-connect/auth?client_id=web_app&redirect_uri=https://localhost:8080/login&response_type=code&scope=openid%20profile%20email&state=0ysF9S

The keycloak response :

https://localhost:8080/login?state=PecNm5&session_state=3c800f88-66e9-4314-9ad2-1554c1d53151&code=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..6xObmGoYfOiAqr56qb0CwA.aGJxbVkoygkifpshHabgQt0KDDcKQ1ia1rr70p93lH0qyYpwPT3fpxN6Z3zKqCDgqpFxe3oxv4D4UeogH9g5u8B2Swfq6UoP2pyzin6wHlkzgY5NTX5qSZwTDDfVmHWCtjdjZyd7fW5owdwgoOPTZZV9xPldxqLTpp7qfZGoyzEyEz1mbalHMqP4G-5AbO4yyLufQHtOIeg9yV6s7O0gHV5teDUukAC45LCaVjIMKbrUeVTx8DP4rbFMnj7myiCZ.So-gqHysrxqhflJnTPPABg

error 401

some help please?

0 Answers