How to Make Several Ataccama Server Instances Work Behind a Reverse Proxy

If you're installing any Ataccama apps on root and the Admin Center is installed as well (even on a different server), you must set custom login URL handlers for other Ataccama apps for the whole solution to work behind the reverse proxy. 

To set a custom URL for the login handler that manages redirects to and from Keycloak:

The element KeycloakSecurity in the .serverConfig now has an optional attribute loginUrl that may be used to customize the login handler location. The default value if the element is not present is /sso/login

...
<listener name="default" port="8888" threads="10">

  <handlerSecurity class="com.ataccama.dqc.web.security.KeycloakSecurity">

    <loginUrl>/my-sso/crazy-login</loginUrl>

    <interceptUrls>
      <interceptUrl pattern="/console/**" access="isAuthenticated()"/>
      <interceptUrl pattern="/**" access="permitAll"/>
    </interceptUrls>
    <deploymentContexts>
      <deploymentContext pattern="/api/mda" configFile="keycloak-mda-server.json"/>
      <deploymentContext pattern="/api/userSettings" configFile="keycloak-mda-server.json"/>
      <deploymentContext pattern="/api/issueTrackerMda" configFile="keycloak-mda-im.json"/>
      <deploymentContext pattern="/api/dqit/**" configFile="keycloak-mda-im.json"/>
      <deploymentContext pattern="/**" configFile="keycloak-admin-center.json"/>
    </deploymentContexts>
  </handlerSecurity>

</listener>
...