From 8c2d4812b006803627c94003874de19d0386c910 Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Wed, 29 Oct 2014 14:02:16 +0100
Subject: [PATCH 1/2] KEYCLOAK-763

Document reverse proxy setup on AS7/EAP
---
 .../en/en-US/modules/server-installation.xml  | 67 ++++++++++++++++---
 1 file changed, 56 insertions(+), 11 deletions(-)

diff --git a/docbook/reference/en/en-US/modules/server-installation.xml b/docbook/reference/en/en-US/modules/server-installation.xml
index 9e595a194d..5ca0cd8f50 100755
--- a/docbook/reference/en/en-US/modules/server-installation.xml
+++ b/docbook/reference/en/en-US/modules/server-installation.xml
@@ -625,29 +625,74 @@ keycloak-war-dist-all-&project.version;/
                     <literal>X-Forwarded-Proto</literal> headers on the requests made to Keycloak. Next you need to enable
                     <literal>proxy-address-forwarding</literal> on the Keycloak http connector. Assuming that your reverse
                     proxy doesn't use port 8443 for SSL you also need to configure what port http traffic is redirected to.
-                    This is done by editing <literal>standalone/configuration/standalone.xml</literal>.
                 </para>
-                First add <literal>proxy-address-forwarding</literal> and <literal>redirect-socket</literal> to the <literal>http-listener</literal>
-                element:
-                <para>
+
+                <section>
+                    <title>WildFly</title>
+
+                    <para>
+                        Open <literal>standalone/configuration/standalone.xml</literal> in your favorite editor.
+                    </para>
+
+                    <para>
+                        First add <literal>proxy-address-forwarding</literal> and <literal>redirect-socket</literal> to
+                        the <literal>http-listener</literal> element:
 <programlisting><![CDATA[<subsystem xmlns="urn:jboss:domain:undertow:1.1">
     ...
-    <http-listener name="default" socket-binding="http" proxy-address-forwarding="true" redirect-socket="proxy-https"/>
+    <http-listener name="default" socket-binding="http"
+        proxy-address-forwarding="true" redirect-socket="proxy-https"/>
     ...
 </subsystem>
 ]]></programlisting>
-                Then add a new <literal>socket-binding</literal> element to the <literal>socket-binding-group</literal> element:
+                    </para>
+                    <para>
+                        Then add a new <literal>socket-binding</literal> element to the <literal>socket-binding-group</literal> element:
 <programlisting><![CDATA[
-<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
+<socket-binding-group name="standard-sockets" default-interface="public"
+    port-offset="${jboss.socket.binding.port-offset:0}">
     ...
     <socket-binding name="proxy-https" port="443"/>
     ...
 </socket-binding-group>
 ]]></programlisting>
-                </para>
-                <para>
-                    Check the <ulink url="https://docs.jboss.org/author/display/WFLY8/Undertow+(web)+subsystem+configuration">WildFly</ulink> documentation for more information.
-                </para>
+                    </para>
+                    <para>
+                        Check the <ulink url="https://docs.jboss.org/author/display/WFLY8/Undertow+(web)+subsystem+configuration">WildFly</ulink> documentation for more information.
+                    </para>
+                </section>
+
+                <section>
+                    <title>AS7/EAP</title>
+
+                    <para>
+                        Open <literal>standalone/configuration/standalone.xml</literal> in your favorite editor.
+                    </para>
+
+                    <para>
+                        You need to add <literal>redirect-port</literal> to http <literal>connector</literal> element and
+                        add the <literal>RemoteIpValve</literal> valve:
+<programlisting><![CDATA[
+<subsystem xmlns="urn:jboss:domain:web:1.5"
+    default-virtual-server="default-host" native="false">
+    <connector name="http" protocol="HTTP/1.1" scheme="http"
+        socket-binding="http"
+        redirect-port="443"/>
+    <virtual-server name="default-host" enable-welcome-root="true">
+        <alias name="localhost"/>
+        <alias name="example.com"/>
+    </virtual-server>
+    <valve name="remoteipvalve" module="org.jboss.as.web"
+        class-name="org.apache.catalina.valves.RemoteIpValve">
+        <param param-name="protocolHeader" param-value="x-forwarded-proto"/>
+    </valve>
+</subsystem>
+]]></programlisting>
+                    </para>
+
+
+
+                </section>
+
             </section>
 
             <section>

From 05b6dc7af4f7b1bd48bbb00444344981166b1842 Mon Sep 17 00:00:00 2001
From: Stian Thorgersen <stianst@gmail.com>
Date: Wed, 29 Oct 2014 14:02:38 +0100
Subject: [PATCH 2/2] KEYCLOAK-797

login-status-iframe.html fails if domain contains hyphen
---
 core/src/main/java/org/keycloak/util/UriUtils.java     | 2 +-
 core/src/test/java/org/keycloak/util/UriUtilsTest.java | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/core/src/main/java/org/keycloak/util/UriUtils.java b/core/src/main/java/org/keycloak/util/UriUtils.java
index 8532c5b630..3f0f9afa62 100644
--- a/core/src/main/java/org/keycloak/util/UriUtils.java
+++ b/core/src/main/java/org/keycloak/util/UriUtils.java
@@ -8,7 +8,7 @@ import java.util.regex.Pattern;
  */
 public class UriUtils {
 
-    private static final Pattern originPattern = Pattern.compile("(http://|https://)[\\w]+(\\.[\\w]+)*(:[\\d]{2,5})?");
+    private static final Pattern originPattern = Pattern.compile("(http://|https://)[\\w-]+(\\.[\\w-]+)*(:[\\d]{2,5})?");
 
     public static String getOrigin(URI uri) {
         return getOrigin(uri.toString());
diff --git a/core/src/test/java/org/keycloak/util/UriUtilsTest.java b/core/src/test/java/org/keycloak/util/UriUtilsTest.java
index 52d484ded8..af89777dfb 100644
--- a/core/src/test/java/org/keycloak/util/UriUtilsTest.java
+++ b/core/src/test/java/org/keycloak/util/UriUtilsTest.java
@@ -24,6 +24,8 @@ public class UriUtilsTest {
         assertValid("http://192.168.123.123");
         assertValid("https://192.168.123.123");
         assertValid("https://192.168.123.123:8080");
+        assertValid("https://sub-sub.test.com");
+        assertValid("https://sub.test-test.com");
 
         assertInvalid("https://test/");
         assertInvalid("{");