Hello. I'm trying out Kong and so far I have configured it with service and route.

Service: https://bar.foo.com/bar-spring-analysis-service/bar-spring-analysis-service/analysis
Route: /bar-spring-analysis-service/analysis

I added the kong-oidc plugin with Keycloak as the provider. The Kong proxy must be called at the URL: https://bar.foo.com/bar-spring-analysis-proxy/analysis

If I do not set redirect_uri_path then the following is happening:

1. Kong redirects to Keycloak: https://sso.andrea.muellerpublic.de/auth/realms/public/protocol/openid-connect/auth?response_type=code&client_id=kong.foo.com&state=7d7d40f6cebc33abdf686c8ac87acab0&redirect_uri=https%3A%2F%2Fbar.foo.com%2Fbar-spring-analysis-service%2Fanalysis%2F&nonce=13fc8d1620832537e0981e846d10713e&scope=openid
2. User login
3. Redirects to https://bar.foo.com/bar-spring-analysis-service/analysis/?state=7d7d40f6cebc33abdf686c8ac87acab0&session_state=ca179523-e115-4861-8bce-65040e96dc48&code=ac8d6ab9-b003-4534-b939-6caa1bbf060e.ca179523-e115-4861-8bce-65040e96dc48.26f6ad04-df4d-42be-aaf4-b3e450e44378
4. Tomcat shows a 404 page
5. That is an expected behavior from Tomcat because the service is at https://bar.foo.com/bar-spring-analysis-service/bar-spring-analysis-service/analysis/

Why does it redirect to the upstream URL?

Now I set redirect_uri_path to /bar-spring-analysis-proxy/analysis

1. Kong redirects to Keycloak: https://sso.andrea.muellerpublic.de/auth/realms/public/protocol/openid-connect/auth?response_type=code&client_id=kong.foo.com&state=03d66c606ce07462ab499b914456f458&redirect_uri=https%3A%2F%2Fbar.foo.com%2Fbar-spring-analysis-proxy%2Fanalysis&nonce=e09990011701d31cedce486bbee0a006&scope=openid
2. User login
3. Redirect to https://bar.foo.com/bar-spring-analysis-proxy/analysis?state=03d66c606ce07462ab499b914456f458&session_state=e29293ed-7072-4192-a0dd-1631aa25d456&code=d3fcafa2-ca5e-4bed-8676-dc88f24f69b1.e29293ed-7072-4192-a0dd-1631aa25d456.26f6ad04-df4d-42be-aaf4-b3e450e44378
4. Redirect to https://sso.andrea.muellerpublic.de/auth/realms/public/protocol/openid-connect/auth?response_type=code&client_id=kong.foo.com&state=9c205203623c48df7f62ed3be3e644f6&redirect_uri=https%3A%2F%2Fbar.foo.com%2Fbar-spring-analysis-proxy%2Fanalysis&nonce=e7b420662f15b0901e80f27888520273&scope=openid
5. Redirect to https://bar.foo.com/bar-spring-analysis-proxy/analysis?state=xx&session_state=yy
6. Repeats step 4.

The redirect in step 4. should be correct? kong-oidc should get the response from Keycloak and mark the user as authenticated.

Did I make some configuration mistake?
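
Added example, not part of the original post and not kong-oidc code: a small trace checker for the two redirect sequences described above. It flags an authorization request whose redirect_uri is not the expected public callback, a callback whose state does not match the pending request, and a flow that restarts right after a callback already delivered a code. The function name, finding labels and sample hostnames are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed trace, modelled on the second redirect sequence in the post
# (hostnames and parameter values are placeholders, not the poster's).
SAMPLE_TRACE = [
    "https://idp.example/auth?response_type=code&client_id=kong&state=a1"
    "&redirect_uri=https%3A%2F%2Fapp.example%2Fproxy%2Fanalysis&scope=openid",
    "https://app.example/proxy/analysis?state=a1&session_state=s1&code=c1",
    "https://idp.example/auth?response_type=code&client_id=kong&state=b2"
    "&redirect_uri=https%3A%2F%2Fapp.example%2Fproxy%2Fanalysis&scope=openid",
]

def analyze(trace, expected_callback):
    """Return (position, finding) tuples for an ordered list of redirect URLs."""
    findings = []
    pending_state = None      # state of the most recent authorization request
    code_delivered = False    # True once a callback with a matching state carried a code
    for pos, url in enumerate(trace, start=1):
        parts = urlsplit(url)
        query = {k: v[0] for k, v in parse_qs(parts.query).items()}
        if query.get("response_type") == "code":
            # Authorization request sent to the identity provider.
            if query.get("redirect_uri") != expected_callback:
                findings.append((pos, "redirect_uri_unexpected"))
            if code_delivered:
                # The previous callback already delivered a code, yet the
                # flow starts again instead of the request being proxied.
                findings.append((pos, "login_loop"))
            pending_state, code_delivered = query.get("state"), False
        elif "state" in query:
            # Callback from the identity provider to the relying party.
            if query["state"] != pending_state:
                findings.append((pos, "state_mismatch"))
            elif "code" in query:
                code_delivered = True
    return findings

if __name__ == "__main__":
    for pos, finding in analyze(SAMPLE_TRACE, "https://app.example/proxy/analysis"):
        print(f"URL {pos}: {finding}")
```

Feed it the URLs from a browser network log or `curl -v` run, in order, with the public callback URL you expect the plugin to advertise.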