[keycloak-user] Significant SSL issue: Support for reverse proxies

Juraci Paixão Kröhling juraci at kroehling.de
Fri Jun 13 03:50:59 EDT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I faced the exact same issue earlier this week, but with nginx. On a
quick look, the problem seems to be on the JavaScript adapter, which
seems to think that it's being served via non-SSL.

As I haven't had enough time to debug and do a proper fix, the quick
solution was to configure Wildfly to serve Keycloak via SSL and proxy
the request to 8443 instead of 8080. It works, but it's suboptimal.
There are instructions on the documentation on how to setup Wildfly to
serve requests via SSL.

- - Juca.

On 06/13/2014 09:41 AM, Josh wrote:
> Hi guys,
> 
> So looking to help solve this issue possibly or at least get it on
> the radar, I've reported it here:
> https://issues.jboss.org/browse/KEYCLOAK-497
> 
> To breifly recap the issue, when logging in via reverse proxy it
> keeps forwarding the browser from https back to regular http.
> 
> Eg. Apache virtualhost configured as:
> 
> <VirtualHost *:443> ServerName auth.domain.com
> <http://auth.domain.com> SSLEngine On
> 
> <Proxy *> Order deny,allow Allow from all </Proxy>
> 
> ProxyVia                Off ProxyPreserveHost       On 
> ProxyRequests           Off
> 
> ProxyPass               /       http://keycloak.core.docker:8080/ 
> ProxyPassReverse        /       http://keycloak.core.docker:8080/
> 
> 
> </VirtualHost>
> 
> If I were to start looking into the code base, where would I
> start? Trying to find for example during the login process how the
> forward url is formed?
> 
> Thanks,
> 
> Josh
> 
> 
> _______________________________________________ keycloak-user
> mailing list keycloak-user at lists.jboss.org 
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBCgAGBQJTmq1jAAoJEDnJtskdmzLM+iIIAI/TPlujrVqrFM6u7XqarUB/
RVtgPzsF3cjeKJZQYAxJhBO7eMHYlGsfFwROylV1F397PNvQdOE5E+TBXI/pDwXr
t5PVVVw9ehUVkf2gGLLXWkrniUCxbetKvColKIbRMGSpJuIOnUkLkP6J1J2wHGhl
u5oLYNxLZfhP0Ag5/U9+3Mnezti0yKD7Z1818BtV45+9cCqwV45XqbcwNyoeBCPC
+8iOmg5aFlNki1D/zGZNOkgziLzq8+lmK2yrpZGvSRZ10ShbCj80v72nkBB101Ac
6SYofgywL2CcDCOK1/MEo71pUzaUrXLoNbTT/4v18TSXvCF9M0RUSJSEr8MRvYk=
=jExe
-----END PGP SIGNATURE-----


More information about the keycloak-user mailing list