Hi,
We have deployed Keycloak behind a load balancer, which is F5. The OIDC
clients sit in a public network and use "https" for all communications.
The SSL is terminated in F5 and the packets are forwarded to Keycloak (say
on port 8080).
The OIDC client is designed in such a way as to use the endpoints
(like "/token" etc.) that it receives in the response to the
".well-known/openid-configuration" request.
The problem here is that the .well-known config is responding with URLs
with the protocol as "http" for all the endpoints, whereas the client is
expecting the protocol to be "https". Because of this, the client is not
able to make a secure connection to these URLs.
The question is: how can we have responses to the
".well-known/openid-configuration" request return endpoints with the
protocol *"https"*, like the one shown below?
======
{"issuer":"*https*://<domain>/auth/realms/master","authorization_endpoint":"*https*://<domain>/auth/realms/master/protocol/openid-connect/auth","token_endpoint":"https://<domain>/auth/realms/master/protocol/openid-connect/token"
.......}
=============
We have followed the steps mentioned in the documentation
https://www.keycloak.org/docs/2.5/server_installation/topics/clustering/l...
I.e., in F5 we added the "x-Forwarded-For" and "x-Forwarded-Proto" and made
the respective Keycloak configuration changes as indicated in the
documentation.
Is there any configuration or setting I might be missing?
Arun
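
An offline check for the symptom described in the message above, as an added example that is not part of the original post and not Keycloak's own code: it walks a discovery document and reports every endpoint whose scheme or host differs from the public URL that clients use. The host name `sso.example.test`, the sample document and the function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a discovery document as served when the scheme seen
# by the backend (http) is used instead of the public one (https).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "http://sso.example.test/auth/realms/master",
    "authorization_endpoint": "http://sso.example.test/auth/realms/master/protocol/openid-connect/auth",
    "token_endpoint": "http://sso.example.test/auth/realms/master/protocol/openid-connect/token",
    "jwks_uri": "http://sso.example.test/auth/realms/master/protocol/openid-connect/certs",
    "response_types_supported": ["code"],
})


def check_discovery(doc_text, public_base):
    """Return (field, url, reason) for each URL-valued field that does not
    match the scheme and host clients use to reach the load balancer."""
    expected = urlsplit(public_base)
    findings = []
    for field, value in sorted(json.loads(doc_text).items()):
        if not isinstance(value, str):
            continue  # lists such as response_types_supported are not endpoints
        url = urlsplit(value)
        if url.scheme not in ("http", "https") or not url.netloc:
            continue  # not an absolute URL
        if url.scheme != expected.scheme:
            reason = "scheme is %s, expected %s" % (url.scheme, expected.scheme)
        elif url.netloc.lower() != expected.netloc.lower():
            reason = "host is %s, expected %s" % (url.netloc, expected.netloc)
        else:
            continue
        findings.append((field, value, reason))
    return findings


def issuer_matches(doc_text, public_base, realm_path):
    """A client compares the advertised issuer with the URL it used for
    discovery, so the two must be identical strings."""
    return json.loads(doc_text).get("issuer") == public_base.rstrip("/") + realm_path


if __name__ == "__main__":
    for field, url, reason in check_discovery(SAMPLE_DISCOVERY, "https://sso.example.test"):
        print("%-24s %s (%s)" % (field, url, reason))
```

Feeding it the JSON actually returned through the load balancer shows at a glance whether the forwarded scheme is being honoured for every endpoint or only for some of them.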