[英]Keycloak Node.js Adapter not working behind corporate proxy
Unable to get https://www.npmjs.com/package/keycloak-connect
to work with proxy.无法让
https://www.npmjs.com/package/keycloak-connect
与代理一起工作。 I am able to access the Keycloak server with the same proxy from the browser and from curl, though.不过,我可以从浏览器和 curl 使用相同的代理访问 Keycloak 服务器。
The only promising thing that I have tried was this:我尝试过的唯一有希望的事情是:
app.set('trust proxy', 'loopback');
... and it didn't work. ......它没有工作。
I am able to connect through keycloak-connect if I am using it on my own WiFi (no proxy).如果我在自己的 WiFi(无代理)上使用它,我可以通过 keycloak-connect 进行连接。 The error that I get when using the proxy is:
使用代理时出现的错误是:
Could not obtain grant code: Error: connect ETIMEDOUT 108.128.***.168:443
108.128.***.168
was the IP of the Keycloak server. 108.128.***.168
是 Keycloak 服务器的 IP。
I can't verify whether there is a configuration that would allow me to use keycloak-connect with proxy.我无法验证是否存在允许我将 keycloak-connect 与代理一起使用的配置。
Attaching few lines of the code that relate to keycloak:附上几行与 keycloak 相关的代码:
const Keycloak = require('keycloak-connect'); const memoryStore = new session.MemoryStore(); const keycloakConfig = { clientId: process.env.CLIENT_ID, 'auth-server-url': process.env.SERVER_URL, 'confidential-port': 0, 'policy-enforcer': {}, 'ssl-required': 'external', 'verify-token-audience': true, realm: process.env.REALM, credentials: { 'secret': process.env.CLIENT_SECRET }, realmPublicKey: process.env.REALM_PUBLIC_KEY }; const keycloak = new Keycloak({ store: memoryStore }, keycloakConfig); const MongoStore = mongoSessionStore(session); const sess = { name: 'ssg-next.sid', secret: sessionSecret, store: new MongoStore({ mongooseConnection: mongoose.connection, ttl: 14 * 24 * 60 * 60 }), resave: false, saveUninitialized: false, cookie: { httpOnly: true, maxAge: 14 * 24 * 60 * 60 * 1000 } }; if (.dev) { server,set('trust proxy'; 'loopback'). // trust first proxy sess.cookie;secure = true. // serve secure cookies } server.use(keycloak:middleware({ logout; '/logout' }));
You don't need to app.set("trust proxy")
but app.enable("trust proxy")
.您不需要
app.set("trust proxy")
而是app.enable("trust proxy")
。
Stumbled into this myself and saw a SO question about it .我自己偶然发现了这个, 看到了一个关于它的问题。 I currently sail smooth without anything else behind "trust proxy" as in the example - running my apps behind an Ingress Controller but this essentially resolved my protocol problems with Keycloak.
我目前在“信任代理”后面没有任何其他东西,如示例中所示 - 在 Ingress Controller 后面运行我的应用程序,但这基本上解决了我使用 Keycloak 的协议问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.