[keycloak-user] Significant SSL issue: Support for reverse proxies
bburke at redhat.com
Fri Jun 13 08:42:04 EDT 2014
Was the adapter not configured right? It should be pointed to the auth
server's reverse-proxy URL.
On 6/13/2014 3:50 AM, Juraci Paixão Kröhling wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> I faced the exact same issue earlier this week, but with nginx. On a
> seems to think that it's being served via non-SSL.
> As I haven't had enough time to debug and do a proper fix, the quick
> solution was to configure Wildfly to serve Keycloak via SSL and proxy
> the request to 8443 instead of 8080. It works, but it's suboptimal.
> There are instructions on the documentation on how to setup Wildfly to
> serve requests via SSL.
> - - Juca.
> On 06/13/2014 09:41 AM, Josh wrote:
>> Hi guys,
>> So looking to help solve this issue possibly or at least get it on
>> the radar, I've reported it here:
>> To breifly recap the issue, when logging in via reverse proxy it
>> keeps forwarding the browser from https back to regular http.
>> Eg. Apache virtualhost configured as:
>> <VirtualHost *:443> ServerName auth.domain.com
>> <http://auth.domain.com> SSLEngine On
>> <Proxy *> Order deny,allow Allow from all </Proxy>
>> ProxyVia Off ProxyPreserveHost On
>> ProxyRequests Off
>> ProxyPass / http://keycloak.core.docker:8080/
>> ProxyPassReverse / http://keycloak.core.docker:8080/
>> If I were to start looking into the code base, where would I
>> start? Trying to find for example during the login process how the
>> forward url is formed?
>> _______________________________________________ keycloak-user
>> mailing list keycloak-user at lists.jboss.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> -----END PGP SIGNATURE-----
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
JBoss, a division of Red Hat
More information about the keycloak-user