Re: [keycloak-dev] Keycloak Proxy & X-FORWARDED-PROTO
Hi Rory,
If you are using a proxy, you need to enable a setting in the undertow web
section of standalone.xml to ensure that proxies are supported. This is
what I use in 3.2.x:
<http-listener proxy-address-forwarding="true" name="default"
socket-binding="http" redirect-socket="https"/>
I believe you can add this attribute for both http and https. Once that's
in, I believe all proxying will work.
John
On Thu, Jan 4, 2018 at 5:19 PM Rory Hart <hartror(a)gmail.com> wrote:
I may have found a bug (or lack of feature?) in the proxy. I'm
running the
proxy behind a AWS load balancer which is handling HTTPS but the redirect
urls that the proxy is generating are HTTP.
While this isn't blocking usage as HTTP is redirected to HTTPS it is a
small security hole that I would like to close.
Is this something wrong with the proxy, a feature that needs to be worked
on or out of scope of the proxy all together and I should be asking another
team? (undertow?)
Thanks
Rory Hart
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev