I have a keycloak service and my app running behind proxied DNS A records. My app is asking keycloak for authentication then redirect back once user is authenticated. This works fine when my app is NOT proxied; however, if I turn proxied ON, my keycloak does not close and redirect back to my app anymore. It stays as a blank page, and as the result, my app does not receive authentication token, I guess.
I am not sure if it’s a specific setting in keycloak that has to be set or something else in Cloudflare, but my observation is that with proxied DNS turned on, my authentication workflow doesn’t work anymore.
I would check to see if you get any browser console errors when keycloak is proxied. This can help point to where errors are coming from.
There is no errors or anything in my browser console. The normal authentication flow is from my app, a new tab is opened for keycloak login. Once successfully authenticated, this keycloak tab will automatically close and return back to my app with a token. With proxied DNS, keycloak tab does not close and stay blank, but I can see the “supposed-to-be” redirect url with some encoded information in the address bar, that’s it.
With fiddler, I was able to log the requests. When proxy is turned on, there are more back-and-forth traffics going on, with this one in particular (I removed https in order to be able to post):