Configuring a proxy for outgoing Keycloak HTTP requests#
Security Assertion Markup Language (SAML) allows you to access multiple web-based applications using a single set of authentication credentials. It is possible to configure Keycloak to access a SAML server via a preconfigured proxy in situations where Keycloak’s host doesn’t have direct access to the internet.
Open a terminal and log in to your instance of Package Security Manager (On-prem) as an admin.
Open your installer file, where the
docker-compose.ymlfile is located by running the command:# Replace <INSTALLER_LOCATION> with the location of your installer file (where the ``docker-compose.yml`` file is) cd <INSTALLER_LOCATION>
Tip
You can see all the files contained in your current directory location by running the command
ls -lain the terminal. You can look for thedocker-compose.ymlfile this way, if necessary.Open your
docker-compose.ymlfile using your preferred file editor.Find the
Keycloakservice section of the file, and underenvironment:, add the following lines:# Replace <PROXY_SITE_URL> with the URL of your SAML proxy HTTP_PROXY: <PROXY_SITE_URL> HTTPS_PROXY: <PROXY_SITE_URL>
Save your work and close the file. To verify your changes were saved, you can run the command:
cat docker-compose.ymlHere is an excerpt from a
docker-compose.ymlfile to show you what your Keycloak section might look like.keycloak: image: ${DOCKER_REGISTRY}keycloak:${VERSION} environment: - KEYCLOAK_IMPORT=true - KC_DB_URL_HOST=${POSTGRES_HOST} - KC_DB_URL_PORT=5432 - KC_DB_URL_DATABASE=keycloak - KC_DB_USERNAME=keycloak - KC_DB_PASSWORD=keycloak - KC_HOSTNAME=${DOMAIN} - KC_PROXY=edge - KC_HOSTNAME_STRICT_HTTPS=false - KC_HTTP_ENABLED=true - HTTP_PROXY: <PROXY_IP>:<PROXY_PORT> - HTTPS_PROXY: <PROXY_IP>:<PROXY_PORT>
Restart your instance of Package Security Manager.
docker compose down docker compose up -d