Re: [keycloak-user] Mixing https/http schemes with sslRequired == all
Indeed. I've already switched my application to https.
The reason i'm asking this is because before switching i got blank (no
content) responses from the application's endpoints. HTTP status code was
200 but there was no content returned. At the same time the following
warning appeared in the logs.
12:21:55,085 WARN [org.keycloak.adapters.RequestAuthenticator]
(http-/192.168.1.39:8080-4) SSL is required to authenticate
On Wed, Jun 10, 2015 at 10:14 AM, Stian Thorgersen <stian(a)redhat.com> wrote:
----- Original Message -----
> From: "Orestis Tsakiridis" <orestis.tsakiridis(a)telestax.com>
> To: keycloak-user(a)lists.jboss.org
> Sent: Wednesday, 10 June, 2015 8:57:01 AM
> Subject: [keycloak-user] Mixing https/http schemes with sslRequired ==
all
>
> Hello,
>
> Can keycloak operate on HTTPS while the REST application it protects
runs on
> HTTP?
>
> I've also set "Require SSL" to "all requests"
Keycloak only deals with request made to the Keycloak Server and doesn't
put any restriction on the request to your rest endpoints. However, as you
are passing the token in requests to your rest endpoints it wouldn't be the
best idea to not use ssl. Although the risk can be mitigated slightly by
having short lifespan on access tokens.
>
>
> Regards
>
> Orestis
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
Attachments:
- attachment.html (text/html — 2.2 KB)