Fantastic, it works.
I was using nginx proxy:
proxy_set_header X-Forwarded-Proto $scheme;
However, I'm using two layers of proxy: one for load balancing, one for
micro-services.
So when hitting my second proxy, the HTTPS is lost.
It's solved by forcing HTTPS:
proxy_set_header X-Forwarded-Proto https;
Thanks again.
On Wed, Sep 26, 2018 at 10:13 AM, Henning Waack <henning.waack(a)codecentric.de> wrote:
One thing I see is that your X-Forwarded-Proto header is wrong, it should
be https and not http. Please take a look at the documentation at
https://www.keycloak.org/docs/latest/server_installation/index.html#identifying-client-ip-addresses
for how to configure your reverse-proxy.
Also make sure that you have set "proxy-address-forwarding=true" in your
standalone.xml configuration of Wildfly.
Greetings
Henning
On Tue, Sep 25, 2018 at 18:37, Corentin Dupont <corentin.dupont(a)gmail.com> wrote:
> Hello,
> When opening the admin console:
> https://keycloak.mysite.com/auth/admin/.
>
> The page is redirecting to:
>
> https://keycloak.mysite.com/auth/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=https%3A%2F%2Fkeycloak.mysite.com%2Fauth%2Fadmin%2Fmaster%2Fconsole%2F&state=580747dc-8471-40be-8d9c-e63af68cf605&response_mode=fragment&response_type=code&scope=openid&nonce=28c85baa-6c76-44d9-8f4a-796a58d29383
>
> But I get this message:
> Invalid parameter: redirect_uri
>
> It seems that keycloak doesn't like the https in the redirect. Can it be?
>
>
> My Keycloak is behind a reverse proxy.
> I set up the following tags in standalone.xml:
>
> <http-listener name="default" socket-binding="http" enable-http2="true"
>   proxy-address-forwarding="true" redirect-socket="proxy-https"/>
> <socket-binding name="proxy-https" port="443"/>
>
> My reverse proxy is also setting headers: Host, X-Real-IP,
> X-Forwarded-For, X-Forwarded-Proto.
>
> Using tcpdump, I can see the following headers:
> GET /auth/resources/4.4.0.final/login/keycloak/node_modules/patternfly/dist/fonts/OpenSans-Light-webfont.woff2 HTTP/1.0
> Host: keycloak.staging.waziup.io
> X-Real-IP: 18.195.197.182
> X-Forwarded-For: 217.77.82.229, 18.195.197.182
> X-Forwarded-Proto: http
> Connection: close
> User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0
> Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
> Accept-Language: en-US,en;q=0.5
> Accept-Encoding: identity
> Referer: https://keycloak.staging.waziup.io/auth/resources/4.4.0.final/login/keycloak/node_modules/patternfly/dist/css/patternfly.css
> Cookie: _ga=GA1.2.823033289.1537866165; _gid=GA1.2.861449812.1537866165
> Pragma: no-cache
> Cache-Control: no-cache
>
> Are they correct?
> Thanks a lot
> Corentin
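An added example, not part of the original thread: an nginx configuration for the two-layer setup described in the first message, showing why `$scheme` on the second proxy produces `X-Forwarded-Proto: http` and an alternative to hard-coding `https`, which is to pass the first layer's value through. It assumes the first layer terminates TLS and reaches the second over plain HTTP; all host names, ports and the 192.0.2.10 address are placeholders.

```nginx
# Added example; both fragments belong inside the http {} context of their
# respective nginx instances. Names and addresses are placeholders.

# --- Layer 1: load balancer, terminates TLS ---
server {
    listen 443 ssl;
    server_name keycloak.example.test;            # placeholder
    # ssl_certificate / ssl_certificate_key omitted

    location / {
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        # $scheme is "https" on this listener. Setting the header here also
        # overwrites any X-Forwarded-Proto value supplied by the client.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://inner-proxy.internal:8080;   # plain HTTP hop
    }
}

# --- Layer 2: micro-services proxy in front of Keycloak ---
# On this listener $scheme is "http", so
#     proxy_set_header X-Forwarded-Proto $scheme;
# replaces the "https" set by layer 1 with "http", which is the value seen
# in the tcpdump capture. Pass the upstream value through instead and fall
# back to $scheme only when the header is missing.
map $http_x_forwarded_proto $forwarded_proto {
    default $http_x_forwarded_proto;
    ""      $scheme;
}

server {
    listen 8080;
    # The pass-through trusts the inbound header, so accept connections
    # from layer 1 only.
    allow 192.0.2.10;                             # placeholder: layer 1 address
    deny  all;

    location / {
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $forwarded_proto;
        proxy_pass http://keycloak.internal:8080;      # placeholder
    }
}
```

If the second proxy can be reached by anything other than the first layer, hard-coding `https` as in the thread is the safer choice, because the pass-through variant believes whatever header arrives.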