Configuring a proxy for outgoing Keycloak HTTP requests

Security Assertion Markup Language (SAML) allows you to access multiple web-based applications using a single set of authentication credentials. It is possible to configure Keycloak to access a SAML server via a preconfigured proxy in situations where Keycloak’s host doesn’t have direct access to the internet.

  1. Open a terminal and log in to your instance of Package Security Manager (On-prem) as an admin.

  2. Open your installer file, where the docker-compose.yml file is located, by running the command:

    # Replace <INSTALLER_LOCATION> with the location of your installer file (where the docker-compose.yml file is)


    You can see all the files contained in your current directory location by running the command ls -la in the terminal. You can look for the docker-compose.yml file this way, if necessary.

  3. Open your docker-compose.yml file using your preferred file editor.

  4. Find the Keycloak service section of the file, and under environment:, add the following lines:

    # Replace <PROXY_SITE_URL> with the URL of your SAML proxy

  5. Save your work and close the file. To verify your changes were saved, you can run the command:

    cat docker-compose.yml

    Here is an excerpt from a docker-compose.yml file to show you what your Keycloak section might look like.

        image: ${DOCKER_REGISTRY}keycloak:${VERSION}
        environment:
          - KEYCLOAK_IMPORT=true
          - KC_DB_URL_PORT=5432
          - KC_DB_URL_DATABASE=keycloak
          - KC_DB_USERNAME=keycloak
          - KC_DB_PASSWORD=keycloak
          - KC_PROXY=edge
          - KC_HTTP_ENABLED=true

  6. Restart your instance of Package Security Manager.

    docker compose down
    docker compose up -d
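
A check to run between steps 5 and 6, as an added example that is not part of the original page or of Package Security Manager: it scans the `- KEY=VALUE` entries of a compose file for placeholders such as `<PROXY_SITE_URL>` that were never replaced, and for `http(s)` URLs that are malformed or carry embedded credentials. The variable name `EXAMPLE_PROXY_VAR`, the sample text and the function name `check` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: lines from the page's Keycloak excerpt plus one
# hypothetical variable (EXAMPLE_PROXY_VAR) still holding the placeholder.
SAMPLE = """\
    image: ${DOCKER_REGISTRY}keycloak:${VERSION}
    environment:
      - KC_DB_PASSWORD=keycloak
      - KC_PROXY=edge
      - EXAMPLE_PROXY_VAR=<PROXY_SITE_URL>
"""

# List-style compose entry: "- KEY=VALUE", optionally quoted as a whole.
ENTRY = re.compile(r"""^\s*-\s*["']?([A-Za-z_]\w*)=(.*?)["']?\s*$""")
PLACEHOLDER = re.compile(r"<[A-Z][A-Z0-9_]*>")


def check(text):
    """Return (line_no, key, problem) for each suspicious environment entry."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = ENTRY.match(line)
        if not m:
            continue
        key, value = m.groups()
        if PLACEHOLDER.search(value):
            findings.append((no, key, "placeholder not replaced"))
        elif re.match(r"https?://", value, re.I):
            try:
                url = urlsplit(value)
                url.port  # raises ValueError on a non-numeric or out-of-range port
            except ValueError:
                findings.append((no, key, "malformed URL"))
                continue
            if not url.hostname:
                findings.append((no, key, "URL has no host"))
            if url.username or url.password:
                # Compose files and `docker inspect` expose env values in clear text.
                findings.append((no, key, "credentials embedded in URL"))
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    problems = check(text)
    for no, key, problem in problems:
        print(f"line {no}: {key}: {problem}")
    sys.exit(1 if problems else 0)
```

Saved to a file and run with `docker-compose.yml` as its argument, it exits non-zero when any entry needs attention, so the restart in step 6 can be gated on it.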