Hi,
I’m using a small k8s cluster on DigitalOcean. I have a DO Loadbalancer that manages my
certificates. This goes in to Traefik my reverse proxy. Everything works great, except:
When a user is sent an email for verification it fails because of the protocol:
23:13:11,352 WARN [org.keycloak.events] (default task-1) type=EXECUTE_ACTION_TOKEN_ERROR,
realmId=test, clientId=null, userId=24406bf4-2b97-4e40-b5d6-4xxxxxxxx,
ipAddress=154.5.nnn.nnn, error=not_allowed, reason='Invalid token issuer. Expected
'https://www.xxxca/auth/realms/test', but was
'http://www.xxx.ca/auth/realms/test'',
token_id=c96e1531-be72-407e-8c4e-071xxxxxxxxx, action=execute-actions
The link itself in the email starts with http that will be redirected to https by the load
balancer.
No sure where the problem is.
Maybe I need to get my proxy Traefik to redirect http to 8443 and use KC’s self-signed
certs?
Thanks,
J.
Show replies by date