Excellent, just tested it out and it is working as expected.
I also had to add 'RequestHeader set X-Forwarded-Proto "https"' to my
Apache virtualhost configuration.
Some documentation somewhere that this is required would be useful for the
next guy.
Thanks,
Josh
On Tue, Jun 17, 2014 at 4:58 AM, Stian Thorgersen <stian(a)redhat.com> wrote:
This is quite likely an issue with either Apache or WildFly not
being
configured correctly.
Have you enabled proxy-address-forwarding in WildFly/Undertow (see
https://docs.jboss.org/author/display/WFLY8/Undertow+(web)+subsystem+conf...
for more info)?
----- Original Message -----
> From: "Josh" <smysnk(a)gmail.com>
> To: "Stian Thorgersen" <stian(a)redhat.com>
> Cc: keycloak-user(a)lists.jboss.org
> Sent: Monday, 16 June, 2014 4:42:27 PM
> Subject: Re: [keycloak-user] Significant SSL issue: Support for reverse
proxies
>
> The first would be at the "Welcome to Keycloak" page, clicking on
> Administration Console. The link itself is not redirecting to http, but
as
> part of the login page it looks like it forwards back to http. (eg.
>
https://auth.psidox.com/auth/ ->
https://auth.psidox.com/auth/admin/ ->
>
http://auth.psidox.com/auth/admin/master/console ->
>
http://auth.psidox.com/auth/realms/master/tokens/login?client_id=security...
> )
>
> I haven't really gotten too far beyond the login page.
>
> - Josh
>
>
> On Mon, Jun 16, 2014 at 3:33 AM, Stian Thorgersen <stian(a)redhat.com>
wrote:
>
> > When does it forward the browser from https to http?
> >
> > As Bill pointed out, does auth-server-url in your keycloak.json point
to
> > your proxy with https?
> >
> > What adapter are you using?
> >
> > ----- Original Message -----
> > > From: "Josh" <smysnk(a)gmail.com>
> > > To: keycloak-user(a)lists.jboss.org
> > > Sent: Friday, 13 June, 2014 8:41:32 AM
> > > Subject: [keycloak-user] Significant SSL issue: Support for reverse
> > proxies
> > >
> > > Hi guys,
> > >
> > > So looking to help solve this issue possibly or at least get it on
the
> > radar,
> > > I've reported it here:
https://issues.jboss.org/browse/KEYCLOAK-497
> > >
> > > To breifly recap the issue, when logging in via reverse proxy it
keeps
> > > forwarding the browser from https back to regular http.
> > >
> > > Eg. Apache virtualhost configured as:
> > >
> > > <VirtualHost *:443>
> > > ServerName
auth.domain.com
> > > SSLEngine On
> > >
> > > <Proxy *>
> > > Order deny,allow
> > > Allow from all
> > > </Proxy>
> > >
> > > ProxyVia Off
> > > ProxyPreserveHost On
> > > ProxyRequests Off
> > >
> > > ProxyPass /
http://keycloak.core.docker:8080/
> > > ProxyPassReverse /
http://keycloak.core.docker:8080/
> > >
> > >
> > > </VirtualHost>
> > >
> > > If I were to start looking into the code base, where would I start?
> > Trying to
> > > find for example during the login process how the forward url is
formed?
> > >
> > > Thanks,
> > >
> > > Josh
> > >
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user(a)lists.jboss.org
> > >
https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>