Shinyproxy with keycloak redirected too many times

Question

I'm trying to get a basic example of shinyproxy working with keycloak. This is my Dockerfile

FROM openjdk:11-jre

RUN mkdir -p /opt/shinyproxy/
RUN wget https://www.shinyproxy.io/downloads/shinyproxy-2.3.1.jar -O /opt/shinyproxy/shinyproxy.jar
COPY application.yml /opt/shinyproxy/application.yml

WORKDIR /opt/shinyproxy/
CMD ["java", "-jar", "/opt/shinyproxy/shinyproxy.jar"]

This is my docker-compose.yml

version: "3.7"

services:
  mysql:
      image: mysql:5.7
      volumes:
        - mysqldata:/var/lib/mysql
      environment:
        MYSQL_ROOT_PASSWORD: root
        MYSQL_DATABASE: keycloak
        MYSQL_USER: keycloak
        MYSQL_PASSWORD: password
  keycloak:
      image: quay.io/keycloak/keycloak:latest
      environment:
        DB_VENDOR: MYSQL
        DB_ADDR: mysql
        DB_DATABASE: keycloak
        DB_USER: keycloak
        DB_PASSWORD: password
        KEYCLOAK_USER: admin
        KEYCLOAK_PASSWORD: Pa55w0rd
        PROXY_ADDRESS_FORWARDING: 'true'
      ports:
        - 8010:8080
      #networks:
      #  - shinyproxy-net
      depends_on:
        - mysql
  shinyproxy:
    build: .
    image: shinyproxy
    ports:
      - '8020:8080'
    networks:
      - shinyproxy-net
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
networks:
  shinyproxy-net:
    external: true
volumes:
  mysqldata:
      driver: local

This is my application.yml

proxy:
  port: 8080
  authentication: keycloak
  useForwardHeaders: true  # not sure if necessary or not
  admin-groups: admins
  keycloak:
    realm: shinyproxy                                                     
    auth-server-url: http://localhost:8010/auth
    resource: shinyproxy                                                  
    credentials-secret: aa205d81-ae00-4b59-bca6-4c41074c633c
  docker:
      internal-networking: true
  specs:
  - id: 01_hello
    display-name: Hello Application
    description: Application which demonstrates the basics of a Shiny app 
    container-cmd: ["R", "-e", "shinyproxy::run_01_hello()"]
    container-image: openanalytics/shinyproxy-demo
    container-network: shinyproxy-net
  - id: 06_tabsets
    container-cmd: ["R", "-e", "shinyproxy::run_06_tabsets()"]
    container-image: openanalytics/shinyproxy-demo
    container-network: shinyproxy-net
logging:
  file:
    shinyproxy.log

When I go to http://localhost:8020/ and authenticate with the user I created in http://localhost:8010/ I get a redirected too many times error.

What am I doing wrong?

Answer 1

I have the same problem and I have investigated a lot ... I have managed to notice what is the error behind that "redirected-too many times"

ERROR 1 --- [  XNIO-1 task-1] o.k.adapters.OAuthRequestAuthenticator: failed to turn code into token

javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I have tried to solve it by adding the security certificates, as indicated by the following link https://hub.docker.com/r/jboss/keycloak/, in the section Setting up TLS(SSL), with the solution indicated by @Vsoma in this link Keycloak SSL setup using docker image and add the volume of Keycloak service to container into the docker-compose-yml like this:

volumes:
  - /var/run/docker.sock:/var/run/docker.sock
  - ./themes/mytheme:/opt/jboss/keycloak/themes/mytheme
  - ./keycloak/certs:/etc/x509/https

And also add in standalone.xml the line:

<socket-binding name = "proxy-https" port = "443"/>

This is not a definitive answer, but I think it is a significant advance in solving the problem.