oauth2-proxy/contrib/local-environment/oauth2-proxy-keycloak.cfg

http_address="0.0.0.0:4180"
cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w="
email_domains="example.com"
cookie_secure="false"
upstreams="http://httpbin"
cookie_domains=["oauth2-proxy.localtest.me:4080", "keycloak.localtest.me:9080"] # Required so cookie can be read on all subdomains.
whitelist_domains=[".localtest.me"] # Required to allow redirection back to original requested target.

# keycloak provider
client_secret="72341b6d-7065-4518-a0e4-50ee15025608"
client_id="oauth2-proxy"
redirect_url="http://oauth2-proxy.localtest.me:4180/oauth2/callback"

# in this case oauth2-proxy is going to visit
# http://keycloak.localtest.me:9080/realms/oauth2-proxy/.well-known/openid-configuration for configuration
oidc_issuer_url="http://keycloak.localtest.me:9080/realms/oauth2-proxy"
provider="oidc"
provider_display_name="Keycloak"
Add Keycloak local testing environment (#604) * Adding one more example - keycloak - alongside with dex IDP. * don't expose keycloak and proxy ports to the host * specify email-domain list option in documentation * get rid of nginx and socat to simplify the example as per https://github.com/oauth2-proxy/oauth2-proxy/pull/604#issuecomment-640054390 * get rid of the scripts - use static file for keycloak startup * changelog entry * Update CHANGELOG.md Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> 2020-06-14 08:06:12 -05:00			`http_address="0.0.0.0:4180"`
			`cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w="`
add contribution guide to documentation (#2318) * add contribution guide to doucmentation * fix EOF 2023-11-13 11:27:28 +01:00			`email_domains="example.com"`
Add Keycloak local testing environment (#604) * Adding one more example - keycloak - alongside with dex IDP. * don't expose keycloak and proxy ports to the host * specify email-domain list option in documentation * get rid of nginx and socat to simplify the example as per https://github.com/oauth2-proxy/oauth2-proxy/pull/604#issuecomment-640054390 * get rid of the scripts - use static file for keycloak startup * changelog entry * Update CHANGELOG.md Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> 2020-06-14 08:06:12 -05:00			`cookie_secure="false"`
chore(examples): update keycloak to v25 (#2706) --------- Co-authored-by: tuunit <jan@larwig.com> 2024-07-18 23:57:15 +02:00			`upstreams="http://httpbin"`
Fix local-environment ports (#3136) * Change Dex port in local-environment from 4190 to 5556 Port 4190 is blocked by standards-compliant browsers (e.g. Firefox), as per https://fetch.spec.whatwg.org/#port-blocking. Port 5556 is used by Dex in its example config files: https://github.com/dexidp/dex/blob/745e1114f341e849f3b0edde45b39c14017deaf8/examples/config-dev.yaml#L50 * Fix upstream in local-environment/oauth2-proxy.cfg http://httpbin.localtest.me:8080 is only exposed to the host, not to httpbin Docker network. Causes Bad Gateway before. * Do not expose unauthenticated httpbin service in local-environment This defeats the point of having oauth2-proxy. It has already been misleading by causing the bug fixed in cafc6af48fc38f6fe4395fb0c7e2638bc84e6091. It serves as a bad example: users might accidentally expose the service they're trying to protect in the first place. * Remove unnecessary httpbin.localtest.me alias from local-environment 2025-07-20 21:32:50 +03:00			`cookie_domains=["oauth2-proxy.localtest.me:4080", "keycloak.localtest.me:9080"] # Required so cookie can be read on all subdomains.`
Add Keycloak local testing environment (#604) * Adding one more example - keycloak - alongside with dex IDP. * don't expose keycloak and proxy ports to the host * specify email-domain list option in documentation * get rid of nginx and socat to simplify the example as per https://github.com/oauth2-proxy/oauth2-proxy/pull/604#issuecomment-640054390 * get rid of the scripts - use static file for keycloak startup * changelog entry * Update CHANGELOG.md Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> 2020-06-14 08:06:12 -05:00			`whitelist_domains=[".localtest.me"] # Required to allow redirection back to original requested target.`

			`# keycloak provider`
			`client_secret="72341b6d-7065-4518-a0e4-50ee15025608"`
			`client_id="oauth2-proxy"`
			`redirect_url="http://oauth2-proxy.localtest.me:4180/oauth2/callback"`

			`# in this case oauth2-proxy is going to visit`
chore(examples): update keycloak to v25 (#2706) --------- Co-authored-by: tuunit <jan@larwig.com> 2024-07-18 23:57:15 +02:00			`# http://keycloak.localtest.me:9080/realms/oauth2-proxy/.well-known/openid-configuration for configuration`
			`oidc_issuer_url="http://keycloak.localtest.me:9080/realms/oauth2-proxy"`
Add Keycloak local testing environment (#604) * Adding one more example - keycloak - alongside with dex IDP. * don't expose keycloak and proxy ports to the host * specify email-domain list option in documentation * get rid of nginx and socat to simplify the example as per https://github.com/oauth2-proxy/oauth2-proxy/pull/604#issuecomment-640054390 * get rid of the scripts - use static file for keycloak startup * changelog entry * Update CHANGELOG.md Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> 2020-06-14 08:06:12 -05:00			`provider="oidc"`
			`provider_display_name="Keycloak"`