[keycloak-user] Services behind a Proxy that offloads SSL
matthew.broadhead at nbmlaw.co.uk
Tue Nov 28 05:11:10 EST 2017
also if you access the server through your proxy it should update all
the links to be https rather than http. for instance when you go to
realm->clients->your client->installation->Keycloak OIDC JSON the
auth-server-url will show the base url correctly depending on how you
accessed the admin interface
On 28/11/2017 10:57, Malte Finsterwalder wrote:
> Thanks for your help, but I can't find anything helpfull in the docs. I
> scanned the complete documentation and read a lot of it.
> Could you point me to a particular chapter?
> To clarify: I don't have a problem with Keycloak being behind a proxy, that
> offloads SSL.
> I have a problem with the service being behind a proxy. The service itself
> is access via HTTP, since SSL is offloaded on the Proxy.
> The client adapter then creates a redirect URL as HTTP, not HTTPS and
> passes that to Keycloak. So when Keycloak redirects back to the service, it
> uses the HTTP URL provided by the client adapter, which is "wrong".
> On 27 November 2017 at 20:26, Stian Thorgersen <sthorger at redhat.com> wrote:
>> Read the docs. There's a section on how to configure Keycloak properly
>> when you're using a reverse proxy
>> On 27 November 2017 at 17:31, Malte Finsterwalder <inofi at gmx.net> wrote:
>>> Hi there,
>>> I have a service running in a JBoss server, that I want to secure via the
>>> keycloak adapter.
>>> The server is behind a proxy, that offloads SSL, so the server itself gets
>>> traffic as http.
>>> When the server redirects to keycloak for authentication, the redirect URL
>>> supplied to keycloak is http, not https. How can I ensure, that a redirect
>>> URL is an https URL?
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
More information about the keycloak-user