<div dir="ltr">Trying to setup reverse SSL for keycloak. Having issues finding documentation about this, it&#39;s mentioned in <a href="https://keycloak.gitbooks.io/server-installation-and-configuration/content/v/2.0/topics/network/https.html">https://keycloak.gitbooks.io/server-installation-and-configuration/content/v/2.0/topics/network/https.html</a> but the extra detail that&#39;s supposed to be in <a href="https://keycloak.gitbooks.io/server-adminstration-guide/content/">https://keycloak.gitbooks.io/server-adminstration-guide/content/</a> I could not find in regards to reverse SSL proxys.<div><br></div><div>Regardless I ended up following <a href="http://lists.jboss.org/pipermail/keycloak-user/2014-June/000453.html">http://lists.jboss.org/pipermail/keycloak-user/2014-June/000453.html</a> </div><div><br></div><div>From that previous mailling list post:<br><br></div><div><pre style="color:rgb(0,0,0)">Follow the documentation for your web server to enable SSL and configure reverse proxy for Keycloak. It is important that you make sure the web server sets the X-Forwarded-For and X-Forwarded-Proto headers on the requests made to Keycloak. Next you need to enable proxy-address-forwarding on the Keycloak http connector. Assuming that your reverse proxy doesn&#39;t use port 8443 for SSL you also need to configure what port http traffic is redirected to. This is done by editing standalone/configuration/standalone.xml.

First add proxy-address-forwarding and redirect-socket to the http-listener element:

&lt;subsystem xmlns=&quot;urn:jboss:domain:undertow:1.1&quot;&gt;
    ...
    &lt;http-listener name=&quot;default&quot; socket-binding=&quot;http&quot; proxy-address-forwarding=&quot;true&quot; redirect-socket=&quot;proxy-https&quot;/&gt;
    ...
&lt;/subsystem&gt;

Then add a new socket-binding element to the socket-binding-group element:

&lt;socket-binding-group name=&quot;standard-sockets&quot; default-interface=&quot;public&quot; port-offset=&quot;${jboss.socket.binding.port-offset:0}&quot;&gt;
    ...
    &lt;socket-binding name=&quot;proxy-https&quot; port=&quot;443&quot;/&gt;
    ...
&lt;/socket-binding-group&gt;</pre></div><div><br></div><div><br></div><div>but now when I go to log on to the admin console I get &quot;We&#39;re sorry ... Invalid aparameter: redirect uri&quot;. </div><div><br></div><div><br></div><div><br></div><div>Tried stack overflow / google / IRC. No luck so far. </div><div><br></div><div>Any help would be appreciated :D</div><div><br></div><div>Thanks</div><div><br></div><div><br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"></div></div></div></div>
</div></div>