2:49 p.m.
I may have found a bug (or lack of feature?) in the proxy. I'm running the
proxy behind a AWS load balancer which is handling HTTPS but the redirect
urls that the proxy is generating are HTTP.
While this isn't blocking usage as HTTP is redirected to HTTPS it is a
small security hole that I would like to close.
Is this something wrong with the proxy, a feature that needs to be worked
on or out of scope of the proxy all together and I should be asking another
team? (undertow?)
Thanks
Rory Hart
4:26 p.m.
Hi Rory,
If you are using a proxy, you need to enable a setting in the undertow web
section of standalone.xml to ensure that proxies are supported. This is
what I use in 3.2.x:
<http-listener proxy-address-forwarding="true" name="default"
socket-binding="http" redirect-socket="https"/>
I believe you can add this attribute for both http and https. Once that's
in, I believe all proxying will work.
John
On Thu, Jan 4, 2018 at 5:19 PM Rory Hart <hartror(a)gmail.com> wrote:
I may have found a bug (or lack of feature?) in the proxy. I'm
running the
proxy behind a AWS load balancer which is handling HTTPS but the redirect
urls that the proxy is generating are HTTP.
While this isn't blocking usage as HTTP is redirected to HTTPS it is a
small security hole that I would like to close.
Is this something wrong with the proxy, a feature that needs to be worked
on or out of scope of the proxy all together and I should be asking another
team? (undertow?)
Thanks
Rory Hart
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
3:03 p.m.
Hi John
Thanks for your response. We are using that method in our standalone.xml
for keycloak and have set it up as you describel. However the keycloak
security proxy package doesn't appear to come with, or use this file?
The documentation for it doesn't mentioned utilising it either?
http://www.keycloak.org/docs/latest/server_installation/index.html#_proxy
Thanks
On 5 January 2018 at 08:26, John D. Ament <john.d.ament(a)gmail.com> wrote:
Hi Rory,
If you are using a proxy, you need to enable a setting in the undertow web
section of standalone.xml to ensure that proxies are supported. This is
what I use in 3.2.x:
<http-listener proxy-address-forwarding="true" name="default"
socket-binding="http" redirect-socket="https"/>
I believe you can add this attribute for both http and https. Once that's
in, I believe all proxying will work.
John
On Thu, Jan 4, 2018 at 5:19 PM Rory Hart <hartror(a)gmail.com> wrote:
> I may have found a bug (or lack of feature?) in the proxy. I'm running the
> proxy behind a AWS load balancer which is handling HTTPS but the redirect
> urls that the proxy is generating are HTTP.
>
> While this isn't blocking usage as HTTP is redirected to HTTPS it is a
> small security hole that I would like to close.
>
> Is this something wrong with the proxy, a feature that needs to be worked
> on or out of scope of the proxy all together and I should be asking
> another
> team? (undertow?)
>
> Thanks
>
> Rory Hart
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
2317
days inactive
2318
days old
2 comments
2 participants
participants (2)
-
John D. Ament -
Rory Hart