<div dir="ltr">The first would be at the "Welcome to Keycloak" page, clicking on Administration Console. The link itself is not redirecting to http, but as part of the login page it looks like it forwards back to http. (eg. <a href="https://auth.psidox.com/auth/">https://auth.psidox.com/auth/</a> -> <a href="https://auth.psidox.com/auth/admin/">https://auth.psidox.com/auth/admin/</a> -> <a href="http://auth.psidox.com/auth/admin/master/console">http://auth.psidox.com/auth/admin/master/console</a> -> <a href="http://auth.psidox.com/auth/realms/master/tokens/login?client_id=security-admin-console&redirect_uri=http%3A%2F%2Fauth.psidox.com%2Fauth%2Fadmin%2Fmaster%2Fconsole%2F&state=2ae3dfaa-fe7c-4973-8932-ffea553d8dfe&response_type=code">http://auth.psidox.com/auth/realms/master/tokens/login?client_id=security-admin-console&redirect_uri=http%3A%2F%2Fauth.psidox.com%2Fauth%2Fadmin%2Fmaster%2Fconsole%2F&state=2ae3dfaa-fe7c-4973-8932-ffea553d8dfe&response_type=code</a>)<div>
<br></div><div>I haven't really gotten too far beyond the login page.</div><div><br></div><div>- Josh</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Jun 16, 2014 at 3:33 AM, Stian Thorgersen <span dir="ltr"><<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">When does it forward the browser from https to http?<br>
<br>
As Bill pointed out, does auth-server-url in your keycloak.json point to your proxy with https?<br>
<br>
What adapter are you using?<br>
<div class="HOEnZb"><div class="h5"><br>
----- Original Message -----<br>
> From: "Josh" <<a href="mailto:smysnk@gmail.com">smysnk@gmail.com</a>><br>
> To: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> Sent: Friday, 13 June, 2014 8:41:32 AM<br>
> Subject: [keycloak-user] Significant SSL issue: Support for reverse proxies<br>
><br>
> Hi guys,<br>
><br>
> So looking to help solve this issue possibly or at least get it on the radar,<br>
> I've reported it here: <a href="https://issues.jboss.org/browse/KEYCLOAK-497" target="_blank">https://issues.jboss.org/browse/KEYCLOAK-497</a><br>
><br>
> To breifly recap the issue, when logging in via reverse proxy it keeps<br>
> forwarding the browser from https back to regular http.<br>
><br>
> Eg. Apache virtualhost configured as:<br>
><br>
> <VirtualHost *:443><br>
> ServerName <a href="http://auth.domain.com" target="_blank">auth.domain.com</a><br>
> SSLEngine On<br>
><br>
> <Proxy *><br>
> Order deny,allow<br>
> Allow from all<br>
> </Proxy><br>
><br>
> ProxyVia Off<br>
> ProxyPreserveHost On<br>
> ProxyRequests Off<br>
><br>
> ProxyPass / <a href="http://keycloak.core.docker:8080/" target="_blank">http://keycloak.core.docker:8080/</a><br>
> ProxyPassReverse / <a href="http://keycloak.core.docker:8080/" target="_blank">http://keycloak.core.docker:8080/</a><br>
><br>
><br>
> </VirtualHost><br>
><br>
> If I were to start looking into the code base, where would I start? Trying to<br>
> find for example during the login process how the forward url is formed?<br>
><br>
> Thanks,<br>
><br>
> Josh<br>
><br>
</div></div><div class="HOEnZb"><div class="h5">> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</div></div></blockquote></div><br></div>