[keycloak-user] Spring Boot Adapter and SSL Termination Issues
watson409 at gmail.com
Mon Nov 28 00:15:18 EST 2016
I am having a problem related to the Spring boot adapter and SSL
termination at the load balancer level. I am using Keycloak
Locally, when not using HTTPS and setting "keycloak.ssl-required =
none", everything, including using Google and Facebook as identity
providers, works as expected.
However, I am now trying to deploy my demo to AWS. I am terminating
SSL at the ELB level, and that seems to be causing issues. Here is my
full config (with ... added for secrets & such):
server.port = 8080
keycloak.realm = social
keycloak.realmKey = MIIB...
keycloak.auth-server-url = https://sso...
keycloak.ssl-required = all
keycloak.resource = adapter-client
keycloak.token-store = cookie
keycloak.credentials.secret = ...
keycloak.securityConstraints.securityCollections.name = secure
keycloak.securityConstraints.securityCollections.authRoles = user
keycloak.securityConstraints.securityCollections.patterns = /secure/*
The issue I am having seems to be related to terminating SSL at the
ELB level. When tracing through a login request, all requests from the
browser seem proper. However, I get the following error in the demo
2016-11-28 04:44:59.829 ERROR 2531 --- [nio-8080-exec-5] o.k.adapters.OAuthRequestAuthenticator : Adapter requires SSL.
So, it appears that the adapter is expecting an SSL request, but the
ELB is terminating SSL, so the adapter just sees an HTTP request, and
Is there a way to configure the adapter to tell it SSL termination is
happening at the load balancer? I know that Keycloak itself has such
configuration, but do the adapters?
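
Added example, not part of the original post and not taken from the Keycloak project: one way to keep "keycloak.ssl-required = all" behind a TLS-terminating ELB is to have the embedded Tomcat (the nio-8080-exec thread name in the log points to Tomcat) rebuild the request scheme from the load balancer's X-Forwarded-Proto header. It assumes Spring Boot 1.3 or later with embedded Tomcat and that the adapter's SSL check follows the container's view of the request; the proxy address pattern is a constructed placeholder.

```properties
# application.properties (added example; the internal-proxies value is constructed)

# Before: Tomcat sees the ELB -> app hop as plain HTTP, so the request is
# reported as not secure and the adapter logs "Adapter requires SSL."
# server.port = 8080
# keycloak.ssl-required = all

# After: keep the strict Keycloak setting and let Tomcat restore the original
# scheme and client address from the headers the ELB adds.
server.port = 8080
keycloak.ssl-required = all

# Enable forwarded-header handling (Tomcat's RemoteIpValve) in Spring Boot 1.x
server.use-forward-headers = true
server.tomcat.protocol-header = x-forwarded-proto
server.tomcat.remote-ip-header = x-forwarded-for

# Honour forwarded headers only when the direct peer is the load balancer.
# Constructed placeholder: replace with a regex matching the ELB subnets.
server.tomcat.internal-proxies = 10\\.0\\.\\d{1,3}\\.\\d{1,3}
```

Port 8080 should be reachable only from the ELB (for example through the instance security group), because any peer that matches the internal-proxies pattern can assert "https" through the header.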