Yep, it appears so.
So, we're either talking about a feature, or some sort behaviour that is
desired. Right?
Anyway, thanks for clarifying this.
On Wed, Jun 10, 2015 at 2:13 PM, Stian Thorgersen <stian(a)redhat.com> wrote:
----- Original Message -----
> From: "Orestis Tsakiridis" <orestis.tsakiridis(a)telestax.com>
> To: "Stian Thorgersen" <stian(a)redhat.com>
> Cc: keycloak-user(a)lists.jboss.org
> Sent: Wednesday, 10 June, 2015 12:57:28 PM
> Subject: Re: [keycloak-user] Mixing https/http schemes with sslRequired
== all
>
> Indeed. I've already switched my application to https.
>
> The reason i'm asking this is because before switching i got blank (no
> content) responses from the application's endpoints. HTTP status code was
> 200 but there was no content returned. At the same time the following
> warning appeared in the logs.
>
> 12:21:55,085 WARN [org.keycloak.adapters.RequestAuthenticator]
> (http-/192.168.1.39:8080-4) SSL is required to authenticate
In that case I'm probably mistaken and the Keycloak adapter actually
checks that the request uses SSL when there's a token in it. That would
make sense to me that it does, but I wasn't aware that it did ;)
>
>
> On Wed, Jun 10, 2015 at 10:14 AM, Stian Thorgersen <stian(a)redhat.com>
wrote:
>
> >
> >
> > ----- Original Message -----
> > > From: "Orestis Tsakiridis"
<orestis.tsakiridis(a)telestax.com>
> > > To: keycloak-user(a)lists.jboss.org
> > > Sent: Wednesday, 10 June, 2015 8:57:01 AM
> > > Subject: [keycloak-user] Mixing https/http schemes with sslRequired
==
> > all
> > >
> > > Hello,
> > >
> > > Can keycloak operate on HTTPS while the REST application it protects
> > runs on
> > > HTTP?
> > >
> > > I've also set "Require SSL" to "all requests"
> >
> > Keycloak only deals with request made to the Keycloak Server and
doesn't
> > put any restriction on the request to your rest endpoints. However, as
you
> > are passing the token in requests to your rest endpoints it wouldn't
be the
> > best idea to not use ssl. Although the risk can be mitigated slightly
by
> > having short lifespan on access tokens.
> >
> > >
> > >
> > > Regards
> > >
> > > Orestis
> > >
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user(a)lists.jboss.org
> > >
https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>