[keycloak-user] Configuration of Load Balancer with the Keycloak server

Thomas Connolly thomas_connolly at yahoo.com
Tue Aug 18 07:33:16 EDT 2015


Hi 
Looking for advice on deploying keycloak behind an F5 load balancer.

An F5 has been set up with a pool pointing to two keycloak servers.
The browser connection to the F5 is using https, the F5 terminates the SSL and forwards to one of the unencrypted keycloak servers on port 8080.
The problem is that when hitting the admin console, https://fqdn/auth/admin, a 302 redirect lands on http://fqdn/auth/realms/master/tokens/login?client_id=... not maintaining the https protocol, resulting in the login page not displaying, as only https requests are allowed.

In the docs there is a section about using a reverse proxy i.e.

3.2.6.2. Enable SSL on a Reverse Proxy 
http://keycloak.github.io/docs/userguide/html/server-installation.html#d4e336
  
It is not clear to me, I have not tried yet, if this configuration terminates ssl at the web server and then handles the 302 redirect back on the https protocol of the web server. 

I'm asking as I need to find out how to set X-Forwarded-For and X-Forwarded-Proto to the fqdn and the protocol https. And then raise tickets which could take time to complete. Essentially I'm verifying that I'm configuring wildfly undertow and sockets correctly and the F5 forwarding headers.

Regards
Tom Connolly
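
The redirect behaviour described in the post above, as an added example that is not part of the original message and is not Keycloak or WildFly code: a small Python model of a backend on a plain-HTTP listener behind a TLS-terminating load balancer, showing why the 302 falls back to http when X-Forwarded-Proto is not honoured, plus a check that flags the downgrade. The function names, the `trust_forwarded` switch and the sample headers are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: headers as the load balancer would forward them
# to a backend listening on plain HTTP (port 8080 in the post).
SAMPLE_HEADERS = {
    "Host": "fqdn",
    "X-Forwarded-Proto": "https",
    "X-Forwarded-For": "203.0.113.10",
}
LOGIN_PATH = "/auth/realms/master/tokens/login"


def _header(headers, name):
    """Case-insensitive header lookup; returns '' when absent."""
    return next((v for k, v in headers.items() if k.lower() == name), "")


def external_scheme(headers, listener_scheme="http", trust_forwarded=False):
    """Scheme the browser used, from the backend's point of view."""
    if not trust_forwarded:
        # Header ignored: the backend only knows its own HTTP listener.
        return listener_scheme
    # Chained proxies may append values; the first is nearest the client.
    # Assumes the load balancer overwrites any client-supplied value,
    # otherwise a client could choose the scheme itself.
    proto = _header(headers, "x-forwarded-proto").split(",")[0].strip().lower()
    # Anything other than http/https is rejected, not echoed into a URL.
    return proto if proto in ("http", "https") else listener_scheme


def login_redirect(headers, path=LOGIN_PATH, **kw):
    """Build the Location value for the 302 to the login page."""
    host = _header(headers, "host") or "localhost"
    return f"{external_scheme(headers, **kw)}://{host}{path}"


def is_downgrade(request_url, location):
    """True when an https request is redirected to http on the same host."""
    req, loc = urlsplit(request_url), urlsplit(location)
    return (req.scheme == "https" and loc.scheme == "http"
            and req.hostname == loc.hostname)


if __name__ == "__main__":
    for trust in (False, True):
        loc = login_redirect(SAMPLE_HEADERS, trust_forwarded=trust)
        print(trust, loc, is_downgrade("https://fqdn/auth/admin", loc))
```

The same `is_downgrade` check can be run against the Location header of a real 302 captured from the load balancer's public address to confirm the forwarding headers are being applied end to end.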