----- Original Message -----
From: "Orestis Tsakiridis"
<orestis.tsakiridis(a)telestax.com>
To: keycloak-user(a)lists.jboss.org
Sent: Wednesday, 10 June, 2015 8:57:01 AM
Subject: [keycloak-user] Mixing https/http schemes with sslRequired == all
Hello,
Can keycloak operate on HTTPS while the REST application it protects runs on
HTTP?
I've also set "Require SSL" to "all requests"
Keycloak only deals with request made to the Keycloak Server and doesn't put any
restriction on the request to your rest endpoints. However, as you are passing the token
in requests to your rest endpoints it wouldn't be the best idea to not use ssl.
Although the risk can be mitigated slightly by having short lifespan on access tokens.
Regards
Orestis
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user