[keycloak-user] Token audience doesn't match domain.

[Thomas Barcia]

I have my keycloak 1.6.1-final cluster running behind a Netscaler that terminates the SSL connections, therefore communication from the Netscaler to Keycloak is http but from the Internet to the Netscaler is https.  We've managed the rewrites so that logging in works however we're now getting an error that the token audience doesn't match the domain because the issuer is http://keycloakserver but the URL from configuration is https://keycloakserver.  Is there a way to make this configuration work? When the error says "URL from configuration" does it mean the java app configuration or the Keycloak configuration?

Thank you.
*** This communication has been sent from World Fuel Services 
Corporation or its subsidiaries or its affiliates for the intended recipient 
only and may contain proprietary, confidential or privileged information. 
If you are not the intended recipient, any review, disclosure, copying, 
use, or distribution of the information included in this communication 
and any attachments is strictly prohibited. If you have received this 
communication in error, please notify us immediately by replying to this 
communication and delete the communication, including any 
attachments, from your computer. Electronic communications sent to or 
from World Fuel Services Corporation or its subsidiaries or its affiliates 
may be monitored for quality assurance and compliance purposes.***

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160104/150b607f/attachment-0001.html