[keycloak-dev] Keycloak Proxy & X-FORWARDED-PROTO

Rory Hart hartror at gmail.com
Thu Jan 4 15:49:06 EST 2018

I may have found a bug (or lack of feature?) in the proxy. I'm running the
proxy behind a AWS load balancer which is handling HTTPS but the redirect
urls that the proxy is generating are HTTP.

While this isn't blocking usage as HTTP is redirected to HTTPS it is a
small security hole that I would like to close.

Is this something wrong with the proxy, a feature that needs to be worked
on or out of scope of the proxy all together and I should be asking another
team? (undertow?)


Rory Hart

More information about the keycloak-dev mailing list