问题
I'm using the Keycloak authorization server in order to manage my application permissions. However, I've found out the standalone server can be accessed locally only.
http://localhost:8080/auth works, but not it does http://myhostname:8080/auth. This issue doesn't permit accessing the server from the internal network.
回答1:
The standalone Keycloak server runs on the top of a JBoss Wildfly instance and this server doesn't allow accessing it externally by default, for security reasons (it should be only for the administration console, but seems to affect every url in case of Keycloak). It has to be booted with the -b=0.0.0.0 option to enable it.
However, if your Wildfly is running on a remote machine and you try to access your administrative page through the network by it’s IP address or hostname, let’s say, at http://54.94.240.170:8080/, you will probably see a graceful This webpage is not available error, in another words, Wildfly said “No, thanks, I’m not allowing requests from another guys than the ones at my local machine”.
See also:
- Enable Wildfly remote access
- Wildfly remotely access administration console doesnt work
回答2:
you can start keycloak server with this command
standalone.bat -b 0.0.0.0
回答3:
For anyone who happens by here now, I found this in the documentation for Keycloak 8:
Users can interact with Keycloak without SSL so long as they stick to private IP addresses like localhost, 127.0.0.1, 10.0.x.x, 192.168.x.x, and 172.16.x.x. If you try to access Keycloak without SSL from a non-private IP address you will get an error.
来源:https://stackoverflow.com/questions/34410707/enabling-remote-access-to-keycloak