On 06/13/2014 02:42 PM, Bill Burke wrote:
Was the adapter not configured right? It should be pointed to the
auth server's reverse-proxy URL.
Sorry, it seems I was wrong in saying that I had the exact same
problem. The problem wasn't an infinite redirect (I had this problem
earlier, but on my app sending redirects to the /auth).
The problem I had *this time* were in fact two:
- I have a redirect from http to https on nginx, and
Strict-Transport-Security on the https. With this setup, the first
request is always sent to https, and all subsequent requests are
automatically to https. On an out-of-the-box installation, when
hitting the admin console, Keycloak uses a redirect_uri with the
https, which renders an "invalid_uri".
- Manually changing the redirect_uri query parameter to http renders
makes it work, in the sense that I can login as admin/admin and change
the password. After that, I get a blank screen. On Firebug, I see that
requested from https://localhost
). The exact message on the console is:
Blocked loading mixed active content
keycloak.js line 278
Which is the place where I put the breakpoint and found out that the
generated URL is http, even though keycloak.js itself is loaded from
But my setup is as I mentioned earlier: nginx in front of wildfly,
with nginx being the only part caring about SSL. Making the proxy talk
with Wildfly also on SSL makes the problem go away.