It seems WildFly isn’t aware of the fact that Nginx is handling secure connections.
Take a look at these posts:
Scott Rossillo
Smartling | Senior Software Engineer
srossillo(a)smartling.com
On Feb 19, 2016, at 10:56 AM, Andy Yar <andyyar66(a)gmail.com> wrote:
Howdy,
I use 1.8.0-Final integrated with Spring Security (which itself is integrated into
Grails) using the OpenID Connect method. Keycloak and all integrated apps run behind an
nginx SSL reverse proxy. Realm's SSL is set to: "ssl-required": "external".
My issue is related to initial "redirect_uri" generation.
When I'm logged out and try to access a protected resource via an HTTPS request, I
receive a 302 response with a Location URL starting with the plain HTTP scheme. Apparently the
Location goes to the "redirect_uri" attribute and therefore it tries to redirect
me back here after a successful login.
Of course, it is possible to add both HTTP and HTTPS schemas as allowed redirect URI
patterns. However, the application's security gets lowered by that plain HTTP redirect...
Is there any easy solution for non-SSL Keycloak/apps running behind an SSL reverse proxy? I
haven't looked into the source code but it seems like a plain redirect which
wouldn't be schema-aware.
Thanks in advance!
Andy
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
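
The proxy side of the situation discussed in this thread, as an added example that is not part of either message or of the Keycloak project: an nginx TLS-terminating server block that tells the backend which scheme the client actually used. The hostname, backend address and certificate paths are constructed placeholders.

```nginx
# Constructed example; sso.example.com, 127.0.0.1:8080 and the
# certificate paths are placeholders, not values from the thread.
server {
    listen 443 ssl;
    server_name sso.example.com;

    ssl_certificate     /etc/nginx/tls/example.crt;
    ssl_certificate_key /etc/nginx/tls/example.key;

    location / {
        # TLS ends here; the backend only ever sees plain HTTP.
        proxy_pass http://127.0.0.1:8080;

        # Without these headers the backend sees a plain-HTTP request
        # from the proxy and builds http:// URLs (including the
        # redirect_uri described above).
        proxy_set_header Host              $host;
        # proxy_set_header replaces any X-Forwarded-Proto the client
        # sent, so the value the backend reads is set by the proxy.
        proxy_set_header X-Forwarded-Proto $scheme;
        # Appends the client address to any existing X-Forwarded-For.
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
}

# Plain-HTTP listener only redirects, so no request is served over HTTP.
server {
    listen 80;
    server_name sso.example.com;
    return 301 https://$host$request_uri;
}
```

The headers only take effect if the backend is configured to honor them; on WildFly that is the `proxy-address-forwarding="true"` attribute on the Undertow `http-listener`. A backend that trusts these headers should be reachable only through the proxy (for example, bound to loopback as assumed here), because it will trust them from any client that can connect to it directly.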