Invalid token issuer when running keycloak behind proxy

Question

I\'ve placed my keycloak server behind apache proxy:

ProxyRequests On
ProxyVia On
ProxyPreserveHost On
SSLProxyEngine On
SSLProxyCheckPeerCN on
SSLProxyCheck         


        

Answer 1

This has been a common problem as Keycloak verifies the issuer of the placed token with the issuer that generated token. And in your case, the token was generated by http://keycloak:8090/auth/realms/local but in the given token issuer is your proxy server FQDN i.e. http://localhost/auth/realms/local