[keycloak-dev] Keycloak Proxy & X-FORWARDED-PROTO
John D. Ament
john.d.ament at gmail.com
Thu Jan 4 17:26:32 EST 2018
Hi Rory,
If you are using a proxy, you need to enable a setting in the undertow web
section of standalone.xml to ensure that proxies are supported. This is
what I use in 3.2.x:
<http-listener proxy-address-forwarding="true" name="default"
socket-binding="http" redirect-socket="https"/>
I believe you can add this attribute for both http and https. Once that's
in, I believe all proxying will work.
John
On Thu, Jan 4, 2018 at 5:19 PM Rory Hart <hartror at gmail.com> wrote:
> I may have found a bug (or lack of feature?) in the proxy. I'm running the
> proxy behind a AWS load balancer which is handling HTTPS but the redirect
> urls that the proxy is generating are HTTP.
>
> While this isn't blocking usage as HTTP is redirected to HTTPS it is a
> small security hole that I would like to close.
>
> Is this something wrong with the proxy, a feature that needs to be worked
> on or out of scope of the proxy all together and I should be asking another
> team? (undertow?)
>
> Thanks
>
> Rory Hart
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list