[keycloak-user] Significant SSL issue: Support for reverse proxies
smysnk at gmail.com
Fri Jun 13 13:06:23 EDT 2014
I'm talking more about the login, registration, administration on the key
cloak server, all the links revert https back to http. I haven't got
around to testing the adapters yet.
On Fri, Jun 13, 2014 at 6:42 AM, Bill Burke <bburke at redhat.com> wrote:
> Was the adapter not configured right? It should be pointed to the auth
> server's reverse-proxy URL.
> On 6/13/2014 3:50 AM, Juraci Paixão Kröhling wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA512
> > I faced the exact same issue earlier this week, but with nginx. On a
> > seems to think that it's being served via non-SSL.
> > As I haven't had enough time to debug and do a proper fix, the quick
> > solution was to configure Wildfly to serve Keycloak via SSL and proxy
> > the request to 8443 instead of 8080. It works, but it's suboptimal.
> > There are instructions on the documentation on how to setup Wildfly to
> > serve requests via SSL.
> > - - Juca.
> > On 06/13/2014 09:41 AM, Josh wrote:
> >> Hi guys,
> >> So looking to help solve this issue possibly or at least get it on
> >> the radar, I've reported it here:
> >> https://issues.jboss.org/browse/KEYCLOAK-497
> >> To breifly recap the issue, when logging in via reverse proxy it
> >> keeps forwarding the browser from https back to regular http.
> >> Eg. Apache virtualhost configured as:
> >> <VirtualHost *:443> ServerName auth.domain.com
> >> <http://auth.domain.com> SSLEngine On
> >> <Proxy *> Order deny,allow Allow from all </Proxy>
> >> ProxyVia Off ProxyPreserveHost On
> >> ProxyRequests Off
> >> ProxyPass / http://keycloak.core.docker:8080/
> >> ProxyPassReverse / http://keycloak.core.docker:8080/
> >> </VirtualHost>
> >> If I were to start looking into the code base, where would I
> >> start? Trying to find for example during the login process how the
> >> forward url is formed?
> >> Thanks,
> >> Josh
> >> _______________________________________________ keycloak-user
> >> mailing list keycloak-user at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v2.0.22 (GNU/Linux)
> > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> > iQEcBAEBCgAGBQJTmq1jAAoJEDnJtskdmzLM+iIIAI/TPlujrVqrFM6u7XqarUB/
> > RVtgPzsF3cjeKJZQYAxJhBO7eMHYlGsfFwROylV1F397PNvQdOE5E+TBXI/pDwXr
> > t5PVVVw9ehUVkf2gGLLXWkrniUCxbetKvColKIbRMGSpJuIOnUkLkP6J1J2wHGhl
> > u5oLYNxLZfhP0Ag5/U9+3Mnezti0yKD7Z1818BtV45+9cCqwV45XqbcwNyoeBCPC
> > +8iOmg5aFlNki1D/zGZNOkgziLzq8+lmK2yrpZGvSRZ10ShbCj80v72nkBB101Ac
> > 6SYofgywL2CcDCOK1/MEo71pUzaUrXLoNbTT/4v18TSXvCF9M0RUSJSEr8MRvYk=
> > =jExe
> > -----END PGP SIGNATURE-----
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> Bill Burke
> JBoss, a division of Red Hat
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the keycloak-user