instipod / DuoUniversalKeycloakAuthenticator

Keycloak Authenticator for Duo's new Universal Prompt
GNU General Public License v3.0

HTTP proxy settings #6

Closed zellert closed 1 year ago

zellert commented 1 year ago

Hi All,

I'm trying to get Keycloak and DuoMFA to work with my internal HTTP proxy.

The following environment variables are set for the Keycloak container:

...
environment:
- KEYCLOAK_ADMIN=admin
- KEYCLOAK_ADMIN_PASSWORD=somepw
- KEYCLOAK_HOSTNAME=somefqdn
- TZ=Europe/Berlin
- HTTP_PROXY=http://fqdnProxy:80
- HTTPS_PROXY=http://fqdnProxy:80
- NO_PROXY=localhost,127.0.0.1
- JAVA_OPTS="-Djava.net.preferIPv4Stack=true -Dhttp.proxyHost=fqdnProxy -Dhttp.proxyPort=80 -Dhttps.proxyHost=fqdnProxy -Dhttps.proxyPort=80 -Dhttp.proxySet=true-Dhttp.nonProxyHosts=*.domain.local|localhost"

From the Keycloak container I'm able to reach the API server:

bash-4.4$ curl https://api-SOMESERVER.duosecurity.com
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>Duo/1.0</center>
</body>
</html>

The adapter or SDK does not seem to pick up the proxy settings yet:

[com.instipod.duouniversal.DuoUniversalAuthenticator] (executor-thread-6) Authentication against Duo failed with exception: com.duosecurity.exception.DuoException: connect timed out

Setup:

DuoUniversalKeycloakAuthenticator 1.0.4

Server Version 18.0.0
Java Version 11.0.15
Java VM OpenJDK 64-Bit Server VM
Java VM Version 11.0.15+10-LTS
Operating System Linux 5.14.0-160.el9.x86_64

I took a quick look at Duo's Universal SDK and could not find any options to set a proxy.

How could I possibly get the setup to work using an HTTP proxy?

PS: Hope that I just missed something simple :-)

Best and many thanks in advance, Tobi

zellert commented 1 year ago

Hmm, found my error:

JAVA_OPTS="-Djava.net.preferIPv4Stack=true -Dhttp.proxyHost=fqdnProxy -Dhttp.proxyPort=80 -Dhttps.proxyHost=fqdnProxy -Dhttps.proxyPort=80 -Dhttp.proxySet=true-Dhttp.nonProxyHosts=*.domain.local|localhost"

Sorry for bothering!!
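
Added example, not part of the original thread and not code from the authenticator or Duo's SDK: the posted JAVA_OPTS line has no space between `-Dhttp.proxySet=true` and `-Dhttp.nonProxyHosts=...`, so the two options arrive as one argument. This Python check shows which system properties result and flags the run-together option; the function names and the `EXPECTED` list are hypothetical, and it assumes the value is split on whitespace shell-style with each `-D` argument split at its first `=`.

```python
import re
import shlex

# Proxy properties that appear in the thread's JAVA_OPTS line (assumed checklist).
EXPECTED = ("http.proxyHost", "http.proxyPort", "https.proxyHost",
            "https.proxyPort", "http.nonProxyHosts")

# A "-Dname=" sequence inside a value means two options were run together.
FUSED = re.compile(r"-D[A-Za-z][\w.]*=")


def parse_java_opts(java_opts):
    """Return the -D system properties: tokens are split on whitespace,
    then each -D token is split into key and value at the first '='."""
    props = {}
    for token in shlex.split(java_opts):
        if token.startswith("-D"):
            key, _, value = token[2:].partition("=")
            props[key] = value
    return props


def lint_java_opts(java_opts, expected=EXPECTED):
    """Return findings: values that swallowed another option, and expected keys not set."""
    props = parse_java_opts(java_opts)
    findings = []
    for key, value in props.items():
        match = FUSED.search(value)
        if match:
            findings.append(f"{key}: value swallows '{match.group(0)}...' (missing space?)")
    findings += [f"{key}: not set" for key in expected if key not in props]
    return findings


# The option string as posted in the issue (host names are the poster's placeholders).
POSTED = ("-Djava.net.preferIPv4Stack=true -Dhttp.proxyHost=fqdnProxy "
          "-Dhttp.proxyPort=80 -Dhttps.proxyHost=fqdnProxy -Dhttps.proxyPort=80 "
          "-Dhttp.proxySet=true-Dhttp.nonProxyHosts=*.domain.local|localhost")
# Same string with the space restored (constructed here for comparison).
FIXED = POSTED.replace("true-Dhttp.nonProxyHosts", "true -Dhttp.nonProxyHosts")

if __name__ == "__main__":
    for name, opts in (("posted", POSTED), ("fixed", FIXED)):
        print(name, lint_java_opts(opts) or "ok")
```

Running a check like this against the container's environment before startup catches a proxy or bypass list that silently never took effect.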