[keycloak-user] Mixing https/http schemes with sslRequired == all
Stian Thorgersen
stian at redhat.com
Wed Jun 10 07:13:50 EDT 2015
----- Original Message -----
> From: "Orestis Tsakiridis" <orestis.tsakiridis at telestax.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-user at lists.jboss.org
> Sent: Wednesday, 10 June, 2015 12:57:28 PM
> Subject: Re: [keycloak-user] Mixing https/http schemes with sslRequired == all
>
> Indeed. I've already switched my application to https.
>
> The reason i'm asking this is because before switching i got blank (no
> content) responses from the application's endpoints. HTTP status code was
> 200 but there was no content returned. At the same time the following
> warning appeared in the logs.
>
> 12:21:55,085 WARN [org.keycloak.adapters.RequestAuthenticator]
> (http-/192.168.1.39:8080-4) SSL is required to authenticate
In that case I'm probably mistaken and the Keycloak adapter actually checks that the request uses SSL when there's a token in it. That would make sense to me that it does, but I wasn't aware that it did ;)
>
>
> On Wed, Jun 10, 2015 at 10:14 AM, Stian Thorgersen <stian at redhat.com> wrote:
>
> >
> >
> > ----- Original Message -----
> > > From: "Orestis Tsakiridis" <orestis.tsakiridis at telestax.com>
> > > To: keycloak-user at lists.jboss.org
> > > Sent: Wednesday, 10 June, 2015 8:57:01 AM
> > > Subject: [keycloak-user] Mixing https/http schemes with sslRequired ==
> > all
> > >
> > > Hello,
> > >
> > > Can keycloak operate on HTTPS while the REST application it protects
> > runs on
> > > HTTP?
> > >
> > > I've also set "Require SSL" to "all requests"
> >
> > Keycloak only deals with request made to the Keycloak Server and doesn't
> > put any restriction on the request to your rest endpoints. However, as you
> > are passing the token in requests to your rest endpoints it wouldn't be the
> > best idea to not use ssl. Although the risk can be mitigated slightly by
> > having short lifespan on access tokens.
> >
> > >
> > >
> > > Regards
> > >
> > > Orestis
> > >
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
More information about the keycloak-user
mailing list