[keycloak-user] Significant SSL issue: Support for reverse proxies
Stian Thorgersen
stian at redhat.com
Tue Jun 17 06:58:34 EDT 2014
This is quite likely an issue with either Apache or WildFly not being configured correctly.
Have you enabled proxy-address-forwarding in WildFly/Undertow (see https://docs.jboss.org/author/display/WFLY8/Undertow+(web)+subsystem+configuration for more info)?
----- Original Message -----
> From: "Josh" <smysnk at gmail.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-user at lists.jboss.org
> Sent: Monday, 16 June, 2014 4:42:27 PM
> Subject: Re: [keycloak-user] Significant SSL issue: Support for reverse proxies
>
> The first would be at the "Welcome to Keycloak" page, clicking on
> Administration Console. The link itself is not redirecting to http, but as
> part of the login page it looks like it forwards back to http. (eg.
> https://auth.psidox.com/auth/ -> https://auth.psidox.com/auth/admin/ ->
> http://auth.psidox.com/auth/admin/master/console ->
> http://auth.psidox.com/auth/realms/master/tokens/login?client_id=security-admin-console&redirect_uri=http%3A%2F%2Fauth.psidox.com%2Fauth%2Fadmin%2Fmaster%2Fconsole%2F&state=2ae3dfaa-fe7c-4973-8932-ffea553d8dfe&response_type=code
> )
>
> I haven't really gotten too far beyond the login page.
>
> - Josh
>
>
> On Mon, Jun 16, 2014 at 3:33 AM, Stian Thorgersen <stian at redhat.com> wrote:
>
> > When does it forward the browser from https to http?
> >
> > As Bill pointed out, does auth-server-url in your keycloak.json point to
> > your proxy with https?
> >
> > What adapter are you using?
> >
> > ----- Original Message -----
> > > From: "Josh" <smysnk at gmail.com>
> > > To: keycloak-user at lists.jboss.org
> > > Sent: Friday, 13 June, 2014 8:41:32 AM
> > > Subject: [keycloak-user] Significant SSL issue: Support for reverse proxies
> > >
> > > Hi guys,
> > >
> > > So looking to help solve this issue possibly or at least get it on the radar,
> > > I've reported it here: https://issues.jboss.org/browse/KEYCLOAK-497
> > >
> > > To briefly recap the issue, when logging in via reverse proxy it keeps
> > > forwarding the browser from https back to regular http.
> > >
> > > Eg. Apache virtualhost configured as:
> > >
> > > <VirtualHost *:443>
> > > ServerName auth.domain.com
> > > SSLEngine On
> > >
> > > <Proxy *>
> > > Order deny,allow
> > > Allow from all
> > > </Proxy>
> > >
> > > ProxyVia Off
> > > ProxyPreserveHost On
> > > ProxyRequests Off
> > >
> > > ProxyPass / http://keycloak.core.docker:8080/
> > > ProxyPassReverse / http://keycloak.core.docker:8080/
> > >
> > >
> > > </VirtualHost>
> > >
> > > If I were to start looking into the code base, where would I start? Trying to
> > > find for example during the login process how the forward url is formed?
> > >
> > > Thanks,
> > >
> > > Josh
> > >
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
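
Added example, not part of the thread and not Keycloak or WildFly code: a simplified Python model of why the quoted redirect chain falls back to http when the backend only sees the proxy's plain-HTTP hop, and why forwarded headers should be honored only from the proxy's own address. The function names, the trusted proxy range and the assumption that the proxy sends X-Forwarded-Proto are illustrative.

```python
# Simplified model of external-URL reconstruction behind a TLS-terminating proxy.
from ipaddress import ip_address, ip_network
from urllib.parse import urlencode

# Assumption: address range the reverse proxy connects from (constructed value).
TRUSTED_PROXIES = [ip_network("172.17.0.0/16")]


def external_base(peer_ip, headers, listener_scheme="http", honor_forwarded=True):
    """Return scheme://host as the backend believes the browser sees it."""
    scheme = listener_scheme                  # backend listener is plain HTTP on 8080
    host = headers.get("Host", "localhost")   # ProxyPreserveHost On keeps the public host
    from_proxy = any(ip_address(peer_ip) in net for net in TRUSTED_PROXIES)
    # Forwarded headers are client-controlled unless the direct peer is the proxy.
    if honor_forwarded and from_proxy:
        proto = headers.get("X-Forwarded-Proto", "").split(",")[0].strip().lower()
        if proto in ("http", "https"):
            scheme = proto
    return f"{scheme}://{host}"


def login_redirect(base):
    """Build a login URL shaped like the one quoted in the thread."""
    params = {
        "client_id": "security-admin-console",
        "redirect_uri": f"{base}/auth/admin/master/console/",
        "response_type": "code",
    }
    return f"{base}/auth/realms/master/tokens/login?{urlencode(params)}"


# Constructed sample requests as the backend would receive them.
PLAIN = {"Host": "auth.psidox.com"}
FORWARDED = {"Host": "auth.psidox.com", "X-Forwarded-Proto": "https"}

if __name__ == "__main__":
    cases = [
        ("proxy, no forwarded header", "172.17.0.5", PLAIN, True),
        ("proxy, header honored", "172.17.0.5", FORWARDED, True),
        ("proxy, forwarding disabled", "172.17.0.5", FORWARDED, False),
        ("untrusted peer spoofing header", "203.0.113.9", FORWARDED, True),
    ]
    for label, peer, hdrs, honor in cases:
        base = external_base(peer, hdrs, honor_forwarded=honor)
        print(f"{label:32} -> {login_redirect(base)}")
```
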