[keycloak-dev] Keycloak Proxy & X-FORWARDED-PROTO

Rory Hart hartror at gmail.com
Fri Jan 5 16:03:39 EST 2018


Hi John

Thanks for your response. We are using that method in our standalone.xml
for keycloak and have set it up as you described. However the keycloak
security proxy package doesn't appear to come with, or use this file?

The documentation for it doesn't mention utilising it either?
http://www.keycloak.org/docs/latest/server_installation/index.html#_proxy

Thanks

On 5 January 2018 at 08:26, John D. Ament <john.d.ament at gmail.com> wrote:

> Hi Rory,
>
> If you are using a proxy, you need to enable a setting in the undertow web
> section of standalone.xml to ensure that proxies are supported.  This is
> what I use in 3.2.x:
>
> <http-listener proxy-address-forwarding="true" name="default"
> socket-binding="http" redirect-socket="https"/>
>
> I believe you can add this attribute for both http and https.  Once that's
> in, I believe all proxying will work.
>
> John
>
> On Thu, Jan 4, 2018 at 5:19 PM Rory Hart <hartror at gmail.com> wrote:
>
>> I may have found a bug (or lack of feature?) in the proxy. I'm running the
>> proxy behind an AWS load balancer which is handling HTTPS but the redirect
>> URLs that the proxy is generating are HTTP.
>>
>> While this isn't blocking usage as HTTP is redirected to HTTPS it is a
>> small security hole that I would like to close.
>>
>> Is this something wrong with the proxy, a feature that needs to be worked
>> on or out of scope of the proxy altogether and I should be asking another
>> team? (undertow?)
>>
>> Thanks
>>
>> Rory Hart
>
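
The behaviour discussed in this thread, as an added illustration that is not part of the original messages and is not Keycloak or Undertow code: a backend behind a TLS-terminating load balancer sees a plain HTTP socket, so it builds `http://` redirect URLs unless it honours `X-Forwarded-Proto`. The function names, the trusted proxy range and the host name are assumptions made for this sketch, and the trusted-peer check is a design choice of the example, not a description of what `proxy-address-forwarding` does.

```python
import ipaddress
from urllib.parse import urlunsplit

# Constructed sample: the range the load balancer connects from (assumption).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def effective_scheme(peer_ip, headers, socket_scheme="http",
                     forwarding_enabled=True, trusted=TRUSTED_PROXIES):
    """Return the scheme to use in generated URLs for this request."""
    if not forwarding_enabled:
        # Forwarding off: only the backend socket is known, which is
        # plain HTTP when the load balancer terminates TLS.
        return socket_scheme
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in trusted):
        # Header arrived from a peer that is not the load balancer:
        # ignore it, otherwise any client could choose the scheme.
        return socket_scheme
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get("x-forwarded-proto", "")
    # With a single trusted hop, the last value is the one that hop wrote.
    proto = value.split(",")[-1].strip().lower()
    return proto if proto in ("http", "https") else socket_scheme


def redirect_uri(host, path, peer_ip, headers, **kwargs):
    """Build the absolute redirect URL the backend would send to the browser."""
    scheme = effective_scheme(peer_ip, headers, **kwargs)
    return urlunsplit((scheme, host, path, "", ""))


if __name__ == "__main__":
    hdrs = {"X-Forwarded-Proto": "https"}  # constructed request header
    # Forwarding ignored: the redirect downgrades to HTTP.
    print(redirect_uri("app.example.com", "/sso/login", "10.0.0.7", hdrs,
                       forwarding_enabled=False))
    # Forwarding honoured for the trusted load balancer: HTTPS is kept.
    print(redirect_uri("app.example.com", "/sso/login", "10.0.0.7", hdrs))
    # Same header from an untrusted peer is not believed.
    print(redirect_uri("app.example.com", "/sso/login", "203.0.113.9", hdrs))
```
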

