4:09 p.m.
Reference: https://issues.jboss.org/browse/KEYCLOAK-9889
The reverse proxy in use has HTTPS enabled, “X-Forward-Proto along” with all it’s variants
are set. Additionally I have enabled “PROXY_ADDRESS_FORWARDING” by setting this to true
and “KEYCLOAK_ALWAYS_HTTPS” to false, yet attempting to access the Administration Console,
I’m met with “We’re sorry: HTTPS required”. Despite having a HTTPS Proxy, the necessary
headers set, Address Forwarding enabled, and Always HTTPS disabled, I’m still unable to
access my Administration Console.
I’ve linked a reference to the bug which is eerie similar to the same thing I’m
experiencing currently, except that report was filled back on Version 5.0, and we are
currently on 6.0, with 8.0 right on the horizon. Is there something missing here to
disable this HTTPS check that appears to not function properly? If reverse proxying IS
unsupported (which it shouldn’t be by any means), then this should be explicitly written
in the documentation to prevent anyone from further attempting applying TLS in this
manner.
2 a.m.
From the issue you are linking to it looks like the issue may be that
the
redirect_uri (the application trying to authenticate) is not using HTTPS.
At what point are you seeing this error? Is it while during a login to an
application or when accessing Keycloak directly (account console, admin
console, etc.)?
On Sun, 11 Aug 2019 at 23:11, Carrington Ellis <starz0rdesign(a)gmail.com>
wrote:
Reference: https://issues.jboss.org/browse/KEYCLOAK-9889
The reverse proxy in use has HTTPS enabled, “X-Forward-Proto along” with
all it’s variants are set. Additionally I have enabled
“PROXY_ADDRESS_FORWARDING” by setting this to true and
“KEYCLOAK_ALWAYS_HTTPS” to false, yet attempting to access the
Administration Console, I’m met with “We’re sorry: HTTPS required”. Despite
having a HTTPS Proxy, the necessary headers set, Address Forwarding
enabled, and Always HTTPS disabled, I’m still unable to access my
Administration Console.
I’ve linked a reference to the bug which is eerie similar to the same
thing I’m experiencing currently, except that report was filled back on
Version 5.0, and we are currently on 6.0, with 8.0 right on the horizon. Is
there something missing here to disable this HTTPS check that appears to
not function properly? If reverse proxying IS unsupported (which it
shouldn’t be by any means), then this should be explicitly written in the
documentation to prevent anyone from further attempting applying TLS in
this manner.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
1954
days inactive
1965
days old
1 comments
2 participants
participants (2)
-
Carrington Ellis -
Stian Thorgersen