----- Original Message -----
From: "Orestis Tsakiridis" <orestis.tsakiridis(a)telestax.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: keycloak-user(a)lists.jboss.org
Sent: Wednesday, 10 June, 2015 12:57:28 PM
Subject: Re: [keycloak-user] Mixing https/http schemes with sslRequired == all
Indeed. I've already switched my application to https.
The reason I'm asking this is because before switching I got blank (no
content) responses from the application's endpoints. HTTP status code was
200 but there was no content returned. At the same time the following
warning appeared in the logs.
12:21:55,085 WARN [org.keycloak.adapters.RequestAuthenticator] (http-/192.168.1.39:8080-4) SSL is required to authenticate
In that case I'm probably mistaken and the Keycloak adapter actually checks that the
request uses SSL when there's a token in it. That would make sense to me that it does,
but I wasn't aware that it did ;)
On Wed, Jun 10, 2015 at 10:14 AM, Stian Thorgersen <stian(a)redhat.com> wrote:
>
>
> ----- Original Message -----
> > From: "Orestis Tsakiridis" <orestis.tsakiridis(a)telestax.com>
> > To: keycloak-user(a)lists.jboss.org
> > Sent: Wednesday, 10 June, 2015 8:57:01 AM
> > Subject: [keycloak-user] Mixing https/http schemes with sslRequired == all
> >
> > Hello,
> >
> > Can keycloak operate on HTTPS while the REST application it protects runs on
> > HTTP?
> >
> > I've also set "Require SSL" to "all requests"
>
> Keycloak only deals with requests made to the Keycloak Server and doesn't
> put any restriction on the requests to your rest endpoints. However, as you
> are passing the token in requests to your rest endpoints it wouldn't be the
> best idea to not use ssl. Although the risk can be mitigated slightly by
> having short lifespan on access tokens.
>
> >
> >
> > Regards
> >
> > Orestis
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>