4:31 a.m.
Hello community,
We are running a Spring Boot app and app itself is not running HTTPS however our load
balancers where requests are made SSL and passing traffic insecure to backend. However in
this scenario I am unable to get the token verified after successful login. In log
I see that it says :: Adapter requires SSL. Request http://keycloakserver
Keycloak server is supposed to be on https url however it requests http as the app itself
is http. How would you setup such configuration? What am I missing?
Thank you
Salih
2:11 a.m.
Hello Salih,
Me I was suffering a similar issue using the saml2 java adapter in tomcat
[1].
org.keycloak.adapters.saml.profile.AbstractSamlAuthenticationHandler.handleSamlResponse
Request URI 'http://my.domain/ui/saml' does not match SAML request
destination 'https://my.domain/ui/saml'
The back-end connector has no SSL/TLS configured, however I am "cheating"
through the scheme [2] attribute of the connector:
<Connector scheme="https" port="8401"
protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8402" />
If you are using the embedded tomcat in spring boot I guess that you can
configure it [3]. Or perhaps it would be faster and simpler for a quick
test just deploying the war in an apache tomcat and setting scheme="https".
Hope it helps,
Luis
[1]
https://www.keycloak.org/docs/latest/securing_apps/index.html#java-adapte...
[2] https://tomcat.apache.org/tomcat-9.0-doc/config/http.html
[3]
https://docs.spring.io/spring-boot/docs/current/reference/html/howto-embe...
El mar., 23 abr. 2019 a las 11:39, Salih Gedik (<sg(a)salih.xyz>) escribió:
Hello community,
We are running a Spring Boot app and app itself is not running HTTPS
however our load balancers where requests are made SSL and passing traffic
insecure to backend. However in this scenario I am unable to get the token
verified after successful login. In log
I see that it says :: Adapter requires SSL. Request http://keycloakserver
Keycloak server is supposed to be on https url however it requests http as
the app itself is http. How would you setup such configuration? What am I
missing?
Thank you
Salih
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
- Samuel Beckett
5:38 a.m.
Hello Luis,
Thank you for sharing your solution. I will try to apply this and see what happens!
Salih
--
24.04.2019, 10:15, "Luis Rodríguez Fernández" <uo67113(a)gmail.com>:
Hello Salih,
Me I was suffering a similar issue using the saml2 java adapter in tomcat
[1].
org.keycloak.adapters.saml.profile.AbstractSamlAuthenticationHandler.handleSamlResponse
Request URI 'http://my.domain/ui/saml' does not match SAML request
destination 'https://my.domain/ui/saml'
The back-end connector has no SSL/TLS configured, however I am "cheating"
through the scheme [2] attribute of the connector:
<Connector scheme="https" port="8401"
protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8402" />
If you are using the embedded tomcat in spring boot I guess that you can
configure it [3]. Or perhaps it would be faster and simpler for a quick
test just deploying the war in an apache tomcat and setting scheme="https".
Hope it helps,
Luis
[1]
https://www.keycloak.org/docs/latest/securing_apps/index.html#java-adapte...
[2] https://tomcat.apache.org/tomcat-9.0-doc/config/http.html
[3]
https://docs.spring.io/spring-boot/docs/current/reference/html/howto-embe...
El mar., 23 abr. 2019 a las 11:39, Salih Gedik (<sg(a)salih.xyz>) escribió:
> Hello community,
>
> We are running a Spring Boot app and app itself is not running HTTPS
> however our load balancers where requests are made SSL and passing traffic
> insecure to backend. However in this scenario I am unable to get the token
> verified after successful login. In log
> I see that it says :: Adapter requires SSL. Request http://keycloakserver
>
> Keycloak server is supposed to be on https url however it requests http as
> the app itself is http. How would you setup such configuration? What am I
> missing?
>
> Thank you
> Salih
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
--
"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
- Samuel Beckett
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2092
days inactive
2093
days old
2 comments
2 participants
participants (2)
-
Luis Rodríguez Fernández -
Salih Gedik