[keycloak-dev] Keycloak Proxy & X-FORWARDED-PROTO

John D. Ament john.d.ament at gmail.com
Thu Jan 4 17:26:32 EST 2018

Hi Rory,

If you are using a proxy, you need to enable a setting in the undertow web
section of standalone.xml to ensure that proxies are supported.  This is
what I use in 3.2.x:

<http-listener proxy-address-forwarding="true" name="default"
socket-binding="http" redirect-socket="https"/>

I believe you can add this attribute for both http and https.  Once that's
in, I believe all proxying will work.


On Thu, Jan 4, 2018 at 5:19 PM Rory Hart <hartror at gmail.com> wrote:

> I may have found a bug (or lack of feature?) in the proxy. I'm running the
> proxy behind a AWS load balancer which is handling HTTPS but the redirect
> urls that the proxy is generating are HTTP.
> While this isn't blocking usage as HTTP is redirected to HTTPS it is a
> small security hole that I would like to close.
> Is this something wrong with the proxy, a feature that needs to be worked
> on or out of scope of the proxy all together and I should be asking another
> team? (undertow?)
> Thanks
> Rory Hart
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

More information about the keycloak-dev mailing list