Hello,

I had a working setup of a Java web application running on machine A secured by keycloak on machine B (login.restcomm.com). The application running on A provides a REST API that is used from the UI. The application also contains a UI (Angular) that accesses the REST API. login.restcomm.com is the keycloak running on docker and resolves to 172.17.42.1 (overridden in /etc/hosts). I'm using keycloak 1.2.0.Final. Both the UI and the REST API have been secured and the application worked fine with "ssl-required" -> "external".

I switched the keycloak configuration to HTTPS (using "all") and I'm experiencing the following:

Login seems to work fine. When trying to access the UI I'm redirected to https://login.restcomm.com, I log in and go back to the UI. BUT the requests to A's services, though successful (200 OK), return blank content. As if the adapter gets in the way and overrides the response. I'm also getting the following message in A's log:

12:21:55,083 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (http-/192.168.1.39:8080-4) adminRequest http://192.168.1.39:8080/restcomm-rvd/api/projects
12:21:55,085 WARN  [org.keycloak.adapters.RequestAuthenticator] (http-/192.168.1.39:8080-4) SSL is required to authenticate

http://192.168.1.39:8080/restcomm-rvd/api/projects is the endpoint that is supposed to return a block of JSON.

The same happens when trying to access the endpoint directly using an independent REST client. I get back a 200 OK and the same message appears in the log but there is no content in the response.

Keep in mind that HTTPS is only enabled for accessing keycloak. The web application still runs on HTTP. Is this supported?

I have also made various experiments in keycloak.json (for the REST api) starting from this:

{
  "realm": "restcomm",
  "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
  "bearer-only": true,
  "auth-server-url": "https://login.restcomm.com/auth",
  "ssl-required": "all",
  "disable-trust-manager": true,
  "resource": "restcomm-rvd",
  "enable-cors": true
}

down to this:

{
  "realm": "restcomm",
  "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
  "bearer-only": true,
  "auth-server-url": "https://login.restcomm.com/auth",
  "ssl-required": "all",
  "allow-any-hostname":true,
  "disable-trust-manager": false,
  "truststore": "/tmp/trusted_keycloak.jks",
  "truststore-password" : "password",
  "resource": "restcomm-rvd"
}


Any pointers will be a great help.

Thanks in advance

Orestis
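
Added example, not part of the original post and not Keycloak adapter code: a small Python model of the "ssl-required" decision, consistent with the WARN line in the log above, plus a check of the second keycloak.json for settings that weaken TLS verification. The function names, the client address and the trimmed config are constructed, and the address ranges treated as local under "external" are an assumption.

```python
import ipaddress
import json

# Assumption: "external" exempts loopback and RFC 1918 private addresses,
# per the documented meaning of the option; this is a model, not adapter code.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def ssl_required(mode, remote_addr):
    """Return True when a request from remote_addr must arrive over HTTPS."""
    mode = mode.lower()
    if mode == "none":
        return False
    if mode == "all":
        return True
    if mode == "external":
        addr = ipaddress.ip_address(remote_addr)
        return not any(addr in net for net in LOCAL_NETS)
    raise ValueError("unknown ssl-required value: %r" % mode)

def audit(config_text, app_scheme, client_addr):
    """List findings for one adapter config (hypothetical helper)."""
    cfg = json.loads(config_text)
    findings = []
    mode = cfg.get("ssl-required", "external")  # documented default
    if app_scheme != "https" and ssl_required(mode, client_addr):
        findings.append("plain-HTTP request rejected: ssl-required=%s" % mode)
    if cfg.get("disable-trust-manager"):
        findings.append("disable-trust-manager: server certificate not verified")
    if cfg.get("allow-any-hostname"):
        findings.append("allow-any-hostname: certificate hostname not checked")
    if cfg.get("truststore", "").startswith("/tmp/"):
        findings.append("truststore under /tmp: world-writable directory")
    return findings

# Constructed sample: the second keycloak.json from the post, public key omitted.
SAMPLE = """{
  "realm": "restcomm", "bearer-only": true,
  "auth-server-url": "https://login.restcomm.com/auth",
  "ssl-required": "all", "allow-any-hostname": true,
  "disable-trust-manager": false,
  "truststore": "/tmp/trusted_keycloak.jks",
  "truststore-password": "password", "resource": "restcomm-rvd"
}"""

if __name__ == "__main__":
    for line in audit(SAMPLE, "http", "192.168.1.50"):  # constructed client address
        print(line)
```

With "ssl-required" set back to "external" the same private client address produces no HTTP finding, which lines up with the setup that worked before the switch to "all".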