5:57 a.m.
Indeed. I've already switched my application to https.
The reason i'm asking this is because before switching i got blank (no
content) responses from the application's endpoints. HTTP status code was
200 but there was no content returned. At the same time the following
warning appeared in the logs.
12:21:55,085 WARN [org.keycloak.adapters.RequestAuthenticator]
(http-/192.168.1.39:8080-4) SSL is required to authenticate
On Wed, Jun 10, 2015 at 10:14 AM, Stian Thorgersen <stian(a)redhat.com> wrote:
----- Original Message -----
> From: "Orestis Tsakiridis" <orestis.tsakiridis(a)telestax.com>
> To: keycloak-user(a)lists.jboss.org
> Sent: Wednesday, 10 June, 2015 8:57:01 AM
> Subject: [keycloak-user] Mixing https/http schemes with sslRequired ==
all
>
> Hello,
>
> Can keycloak operate on HTTPS while the REST application it protects
runs on
> HTTP?
>
> I've also set "Require SSL" to "all requests"
Keycloak only deals with request made to the Keycloak Server and doesn't
put any restriction on the request to your rest endpoints. However, as you
are passing the token in requests to your rest endpoints it wouldn't be the
best idea to not use ssl. Although the risk can be mitigated slightly by
having short lifespan on access tokens.
>
>
> Regards
>
> Orestis
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
6:13 a.m.
New subject: Mixing https/http schemes with sslRequired == all
----- Original Message -----
From: "Orestis Tsakiridis"
<orestis.tsakiridis(a)telestax.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: keycloak-user(a)lists.jboss.org
Sent: Wednesday, 10 June, 2015 12:57:28 PM
Subject: Re: [keycloak-user] Mixing https/http schemes with sslRequired == all
Indeed. I've already switched my application to https.
The reason i'm asking this is because before switching i got blank (no
content) responses from the application's endpoints. HTTP status code was
200 but there was no content returned. At the same time the following
warning appeared in the logs.
12:21:55,085 WARN [org.keycloak.adapters.RequestAuthenticator]
(http-/192.168.1.39:8080-4) SSL is required to authenticate
In that case I'm probably mistaken and the Keycloak adapter actually checks that the
request uses SSL when there's a token in it. That would make sense to me that it does,
but I wasn't aware that it did ;)
On Wed, Jun 10, 2015 at 10:14 AM, Stian Thorgersen <stian(a)redhat.com> wrote:
>
>
> ----- Original Message -----
> > From: "Orestis Tsakiridis" <orestis.tsakiridis(a)telestax.com>
> > To: keycloak-user(a)lists.jboss.org
> > Sent: Wednesday, 10 June, 2015 8:57:01 AM
> > Subject: [keycloak-user] Mixing https/http schemes with sslRequired ==
> all
> >
> > Hello,
> >
> > Can keycloak operate on HTTPS while the REST application it protects
> runs on
> > HTTP?
> >
> > I've also set "Require SSL" to "all requests"
>
> Keycloak only deals with request made to the Keycloak Server and doesn't
> put any restriction on the request to your rest endpoints. However, as you
> are passing the token in requests to your rest endpoints it wouldn't be the
> best idea to not use ssl. Although the risk can be mitigated slightly by
> having short lifespan on access tokens.
>
> >
> >
> > Regards
> >
> > Orestis
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
10:09 a.m.
New subject: Mixing https/http schemes with sslRequired == all
Yep, it appears so.
So, we're either talking about a feature, or some sort behaviour that is
desired. Right?
Anyway, thanks for clarifying this.
On Wed, Jun 10, 2015 at 2:13 PM, Stian Thorgersen <stian(a)redhat.com> wrote:
----- Original Message -----
> From: "Orestis Tsakiridis" <orestis.tsakiridis(a)telestax.com>
> To: "Stian Thorgersen" <stian(a)redhat.com>
> Cc: keycloak-user(a)lists.jboss.org
> Sent: Wednesday, 10 June, 2015 12:57:28 PM
> Subject: Re: [keycloak-user] Mixing https/http schemes with sslRequired
== all
>
> Indeed. I've already switched my application to https.
>
> The reason i'm asking this is because before switching i got blank (no
> content) responses from the application's endpoints. HTTP status code was
> 200 but there was no content returned. At the same time the following
> warning appeared in the logs.
>
> 12:21:55,085 WARN [org.keycloak.adapters.RequestAuthenticator]
> (http-/192.168.1.39:8080-4) SSL is required to authenticate
In that case I'm probably mistaken and the Keycloak adapter actually
checks that the request uses SSL when there's a token in it. That would
make sense to me that it does, but I wasn't aware that it did ;)
>
>
> On Wed, Jun 10, 2015 at 10:14 AM, Stian Thorgersen <stian(a)redhat.com>
wrote:
>
> >
> >
> > ----- Original Message -----
> > > From: "Orestis Tsakiridis"
<orestis.tsakiridis(a)telestax.com>
> > > To: keycloak-user(a)lists.jboss.org
> > > Sent: Wednesday, 10 June, 2015 8:57:01 AM
> > > Subject: [keycloak-user] Mixing https/http schemes with sslRequired
==
> > all
> > >
> > > Hello,
> > >
> > > Can keycloak operate on HTTPS while the REST application it protects
> > runs on
> > > HTTP?
> > >
> > > I've also set "Require SSL" to "all requests"
> >
> > Keycloak only deals with request made to the Keycloak Server and
doesn't
> > put any restriction on the request to your rest endpoints. However, as
you
> > are passing the token in requests to your rest endpoints it wouldn't
be the
> > best idea to not use ssl. Although the risk can be mitigated slightly
by
> > having short lifespan on access tokens.
> >
> > >
> > >
> > > Regards
> > >
> > > Orestis
> > >
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user(a)lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
12:16 p.m.
New subject: Mixing https/http schemes with sslRequired == all
----- Original Message -----
From: "Orestis Tsakiridis"
<orestis.tsakiridis(a)telestax.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: keycloak-user(a)lists.jboss.org
Sent: Wednesday, 10 June, 2015 5:09:31 PM
Subject: Re: [keycloak-user] Mixing https/http schemes with sslRequired == all
Yep, it appears so.
So, we're either talking about a feature, or some sort behaviour that is
desired. Right?
Yes, it is indeed the desired behavior.
Anyway, thanks for clarifying this.
On Wed, Jun 10, 2015 at 2:13 PM, Stian Thorgersen <stian(a)redhat.com> wrote:
>
>
> ----- Original Message -----
> > From: "Orestis Tsakiridis" <orestis.tsakiridis(a)telestax.com>
> > To: "Stian Thorgersen" <stian(a)redhat.com>
> > Cc: keycloak-user(a)lists.jboss.org
> > Sent: Wednesday, 10 June, 2015 12:57:28 PM
> > Subject: Re: [keycloak-user] Mixing https/http schemes with sslRequired
> == all
> >
> > Indeed. I've already switched my application to https.
> >
> > The reason i'm asking this is because before switching i got blank (no
> > content) responses from the application's endpoints. HTTP status code was
> > 200 but there was no content returned. At the same time the following
> > warning appeared in the logs.
> >
> > 12:21:55,085 WARN [org.keycloak.adapters.RequestAuthenticator]
> > (http-/192.168.1.39:8080-4) SSL is required to authenticate
>
> In that case I'm probably mistaken and the Keycloak adapter actually
> checks that the request uses SSL when there's a token in it. That would
> make sense to me that it does, but I wasn't aware that it did ;)
>
> >
> >
> > On Wed, Jun 10, 2015 at 10:14 AM, Stian Thorgersen <stian(a)redhat.com>
> wrote:
> >
> > >
> > >
> > > ----- Original Message -----
> > > > From: "Orestis Tsakiridis"
<orestis.tsakiridis(a)telestax.com>
> > > > To: keycloak-user(a)lists.jboss.org
> > > > Sent: Wednesday, 10 June, 2015 8:57:01 AM
> > > > Subject: [keycloak-user] Mixing https/http schemes with sslRequired
> ==
> > > all
> > > >
> > > > Hello,
> > > >
> > > > Can keycloak operate on HTTPS while the REST application it protects
> > > runs on
> > > > HTTP?
> > > >
> > > > I've also set "Require SSL" to "all
requests"
> > >
> > > Keycloak only deals with request made to the Keycloak Server and
> doesn't
> > > put any restriction on the request to your rest endpoints. However, as
> you
> > > are passing the token in requests to your rest endpoints it wouldn't
> be the
> > > best idea to not use ssl. Although the risk can be mitigated slightly
> by
> > > having short lifespan on access tokens.
> > >
> > > >
> > > >
> > > > Regards
> > > >
> > > > Orestis
> > > >
> > > > _______________________________________________
> > > > keycloak-user mailing list
> > > > keycloak-user(a)lists.jboss.org
> > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > >
> >
>
3473
days inactive
3473
days old
3 comments
2 participants
participants (2)
-
Orestis Tsakiridis -
Stian Thorgersen