[keycloak-user] Significant SSL issue: Support for reverse proxies

Josh smysnk at gmail.com
Fri Jun 13 13:06:23 EDT 2014


I'm talking more about the login, registration, administration on the
Keycloak server; all the links revert https back to http.  I haven't got
around to testing the adapters yet.


On Fri, Jun 13, 2014 at 6:42 AM, Bill Burke <bburke at redhat.com> wrote:

> Was the adapter not configured right?  It should be pointed to the auth
> server's reverse-proxy URL.
>
> On 6/13/2014 3:50 AM, Juraci Paixão Kröhling wrote:
> >
> > I faced the exact same issue earlier this week, but with nginx. On a
> > quick look, the problem seems to be on the JavaScript adapter, which
> > seems to think that it's being served via non-SSL.
> >
> > As I haven't had enough time to debug and do a proper fix, the quick
> > solution was to configure Wildfly to serve Keycloak via SSL and proxy
> > the request to 8443 instead of 8080. It works, but it's suboptimal.
> > There are instructions on the documentation on how to setup Wildfly to
> > serve requests via SSL.
> >
> > - Juca.
> >
> > On 06/13/2014 09:41 AM, Josh wrote:
> >> Hi guys,
> >>
> >> So looking to help solve this issue possibly or at least get it on
> >> the radar, I've reported it here:
> >> https://issues.jboss.org/browse/KEYCLOAK-497
> >>
> >> To briefly recap the issue, when logging in via reverse proxy it
> >> keeps forwarding the browser from https back to regular http.
> >>
> >> Eg. Apache virtualhost configured as:
> >>
> >> <VirtualHost *:443>
> >>     ServerName auth.domain.com
> >>     SSLEngine On
> >>
> >>     <Proxy *>
> >>         Order deny,allow
> >>         Allow from all
> >>     </Proxy>
> >>
> >>     ProxyVia                Off
> >>     ProxyPreserveHost       On
> >>     ProxyRequests           Off
> >>
> >>     ProxyPass               /       http://keycloak.core.docker:8080/
> >>     ProxyPassReverse        /       http://keycloak.core.docker:8080/
> >> </VirtualHost>
> >>
> >> If I were to start looking into the code base, where would I
> >> start? Trying to find for example during the login process how the
> >> forward url is formed?
> >>
> >> Thanks,
> >>
> >> Josh
> >>
> >>
> >> _______________________________________________ keycloak-user
> >> mailing list keycloak-user at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
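
One way to check for the downgrade described in this thread, as an added example that is not part of the original messages or of Keycloak's code: it inspects a response fetched through the proxy's public https URL and lists every same-host Location header or link that points back to http. The paths and response contents are constructed sample data; only the host name auth.domain.com comes from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _RefCollector(HTMLParser):
    """Collect every URL-bearing attribute value from an HTML page."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "action", "src") and value:
                self.refs.append((f"<{tag} {name}>", value))


def find_downgrades(public_url, headers, body=""):
    """Return (source, absolute_url) for each same-host reference that
    leaves https for http when the page was requested at public_url."""
    base = urlsplit(public_url)
    if base.scheme != "https":
        raise ValueError("public_url must be the https URL clients use")
    refs = [("Location header", v) for k, v in headers.items()
            if k.lower() == "location"]
    collector = _RefCollector()
    collector.feed(body)
    refs.extend(collector.refs)
    found = []
    for source, ref in refs:
        target = urlsplit(urljoin(public_url, ref))  # resolve relative refs
        if target.scheme == "http" and target.hostname == base.hostname:
            found.append((source, target.geturl()))
    return found


# Constructed sample (not captured traffic): a response as seen through the
# proxy's public URL. Paths are made up; the host name is from the thread.
SAMPLE_URL = "https://auth.domain.com/admin/"
SAMPLE_HEADERS = {"Location": "http://auth.domain.com/login"}
SAMPLE_BODY = """
<form action="http://auth.domain.com/login-actions"></form>
<a href="/register">Register</a>
<a href="http://www.example.org/docs">External docs</a>
"""

if __name__ == "__main__":
    for source, url in find_downgrades(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_BODY):
        print(f"downgrade via {source}: {url}")
```

Relative links and links to other hosts are not reported, so an empty result after a proxy or server change means the pages no longer send the browser back to plain http on the same host.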