<div dir="ltr">Trying to setup reverse SSL for keycloak. Having issues finding documentation about this, it's mentioned in <a href="https://keycloak.gitbooks.io/server-installation-and-configuration/content/v/2.0/topics/network/https.html">https://keycloak.gitbooks.io/server-installation-and-configuration/content/v/2.0/topics/network/https.html</a> but the extra detail that's supposed to be in <a href="https://keycloak.gitbooks.io/server-adminstration-guide/content/">https://keycloak.gitbooks.io/server-adminstration-guide/content/</a> I could not find in regards to reverse SSL proxys.<div><br></div><div>Regardless I ended up following <a href="http://lists.jboss.org/pipermail/keycloak-user/2014-June/000453.html">http://lists.jboss.org/pipermail/keycloak-user/2014-June/000453.html</a> </div><div><br></div><div>From that previous mailling list post:<br><br></div><div><pre style="color:rgb(0,0,0)">Follow the documentation for your web server to enable SSL and configure reverse proxy for Keycloak. It is important that you make sure the web server sets the X-Forwarded-For and X-Forwarded-Proto headers on the requests made to Keycloak. Next you need to enable proxy-address-forwarding on the Keycloak http connector. Assuming that your reverse proxy doesn't use port 8443 for SSL you also need to configure what port http traffic is redirected to. This is done by editing standalone/configuration/standalone.xml.
First add proxy-address-forwarding and redirect-socket to the http-listener element:
<subsystem xmlns="urn:jboss:domain:undertow:1.1">
...
<http-listener name="default" socket-binding="http" proxy-address-forwarding="true" redirect-socket="proxy-https"/>
...
</subsystem>
Then add a new socket-binding element to the socket-binding-group element:
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
...
<socket-binding name="proxy-https" port="443"/>
...
</socket-binding-group></pre></div><div><br></div><div><br></div><div>but now when I go to log on to the admin console I get "We're sorry ... Invalid aparameter: redirect uri". </div><div><br></div><div><br></div><div><br></div><div>Tried stack overflow / google / IRC. No luck so far. </div><div><br></div><div>Any help would be appreciated :D</div><div><br></div><div>Thanks</div><div><br></div><div><br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"></div></div></div></div>
</div></div>