[keycloak-user] Significant SSL issue: Support for reverse proxies

Juraci Paixão Kröhling juraci at kroehling.de
Fri Jun 13 03:50:59 EDT 2014

I faced the exact same issue earlier this week, but with nginx. On a
quick look, the problem seems to be in the JavaScript adapter, which
seems to think that it's being served via non-SSL.

As I haven't had enough time to debug and do a proper fix, the quick
solution was to configure Wildfly to serve Keycloak via SSL and proxy
the request to 8443 instead of 8080. It works, but it's suboptimal.
There are instructions in the documentation on how to set up Wildfly to
serve requests via SSL.

- Juca.

On 06/13/2014 09:41 AM, Josh wrote:
> Hi guys,
> So looking to help solve this issue possibly or at least get it on
> the radar, I've reported it here:
> https://issues.jboss.org/browse/KEYCLOAK-497
> To briefly recap the issue, when logging in via reverse proxy it
> keeps forwarding the browser from https back to regular http.
> E.g. Apache virtualhost configured as:
> <VirtualHost *:443>
>     ServerName auth.domain.com
>     SSLEngine On
>     <Proxy *>
>         Order deny,allow
>         Allow from all
>     </Proxy>
>     ProxyVia                Off
>     ProxyPreserveHost       On
>     ProxyRequests           Off
>     ProxyPass               /       http://keycloak.core.docker:8080/
>     ProxyPassReverse        /       http://keycloak.core.docker:8080/
> </VirtualHost>
> If I were to start looking into the code base, where would I
> start? Trying to find for example during the login process how the
> forward url is formed?
> Thanks,
> Josh

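A check for the symptom described in this thread (a request made over https answered with a redirect to plain http), as an added example that is not part of the original messages or of Keycloak. The host name reuses the auth.domain.com placeholder from the quoted vhost; the paths and the sample redirects are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample: (URL the browser requested, Location header it got back).
# The /auth/... paths are assumptions made up for this example.
SAMPLE_REDIRECTS = [
    ("https://auth.domain.com/auth/admin/", "http://auth.domain.com/auth/login"),
    ("https://auth.domain.com/auth/admin/", "/auth/login"),
    ("https://auth.domain.com/auth/admin/", "//auth.domain.com/auth/login"),
    ("http://auth.domain.com/auth/admin/", "https://auth.domain.com/auth/login"),
]


def resolve_redirect(request_url, location):
    """Resolve a Location header against the request URL, as a browser does.

    Relative ("/path") and scheme-relative ("//host/path") values inherit the
    scheme of the request, so they must be resolved before being judged.
    """
    return urljoin(request_url, location.strip())


def is_downgrade(request_url, location):
    """True when an https request is redirected to a plain-http target."""
    src = urlsplit(request_url)
    dst = urlsplit(resolve_redirect(request_url, location))
    return src.scheme == "https" and dst.scheme == "http"


def find_downgrades(redirects):
    """Return the resolved target of every https -> http redirect."""
    return [
        resolve_redirect(req, loc)
        for req, loc in redirects
        if is_downgrade(req, loc)
    ]


if __name__ == "__main__":
    for target in find_downgrades(SAMPLE_REDIRECTS):
        print("downgrade:", target)
```

Only the first sample is flagged: the relative and scheme-relative redirects stay on https once resolved, and the http to https redirect is an upgrade.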

