[keycloak-user] Configuration of Load Balancer with the Keycloak server

Stian Thorgersen stian at redhat.com
Tue Aug 18 07:54:22 EDT 2015


As long as X-Forwarded-Proto is set to https, Keycloak won't complain about https not being enabled.

----- Original Message -----
> From: "Thomas Connolly" <thomas_connolly at yahoo.com>
> To: keycloak-user at lists.jboss.org
> Sent: Tuesday, 18 August, 2015 1:33:16 PM
> Subject: [keycloak-user] Configuration of Load Balancer with the Keycloak server
> 
> Hi
> Looking for advice on deploying keycloak behind an F5 load balancer.
> 
> An F5 has been setup with a pool pointing to two keycloak servers.
> The browser connection to the F5 is using https, the F5 terminates the SSL
> and forwards to one of the unencrypted keycloak servers on port 8080.
> The problem is that when hitting the admin console, https://fqdn/auth/admin,
> a 302 redirect lands on
> http://fqdn/auth/realms/master/tokens/login?client_id=... not maintaining
> the https protocol resulting in the login page not displaying as only https
> requests are allowed.
> 
> In the docs there is a section about using a reverse proxy i.e.
> 
> 3.2.6.2. Enable SSL on a Reverse Proxy
> http://keycloak.github.io/docs/userguide/html/server-installation.html#d4e336
> 
> It is not clear to me, I have not tried yet, if this configuration terminates
> ssl at the web server and then handles the 302 redirect back on the https
> protocol of the web server.
> 
> I'm asking as I need to find out how to set X-Forwarded-For and X-Forwarded-Proto
> to the fqdn and the protocol https. And then raise tickets which could take
> time to complete. Essentially I'm verifying that I'm configuring wildfly
> undertow and sockets correctly and the F5 forwarding headers.
> 
> Regards
> Tom Connolly
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
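
The redirect behaviour discussed in this thread, modelled as an added example (not code from Keycloak, WildFly, or either poster): a backend listening on plain HTTP builds its 302 `Location` from the scheme it believes the browser used, and `X-Forwarded-Proto` from the load balancer is what corrects that. The `TRUSTED_PROXIES` range, function names and sample requests are assumptions of this sketch; the peer-address check is included because a backend that honours the header from any peer accepts a claimed `https` from a client that reaches port 8080 directly.

```python
from ipaddress import ip_address, ip_network
from urllib.parse import urlunsplit

# Assumed (constructed) range holding the load balancer's backend-facing addresses.
TRUSTED_PROXIES = [ip_network("10.0.0.0/28")]


def external_scheme(peer_ip, headers, listener_scheme="http"):
    """Return the scheme the browser used, as seen by a backend behind a TLS-terminating proxy."""
    peer = ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        # Connection did not come from the load balancer: ignore forwarded headers.
        return listener_scheme
    lowered = {k.lower(): v for k, v in headers.items()}
    proto = lowered.get("x-forwarded-proto", "").strip().lower()
    # Accept only the two expected values; anything else falls back to the listener.
    return proto if proto in ("http", "https") else listener_scheme


def login_redirect(peer_ip, headers, path="/auth/realms/master/tokens/login"):
    """Build the Location value for the 302 that sends the browser to the login page."""
    lowered = {k.lower(): v for k, v in headers.items()}
    scheme = external_scheme(peer_ip, headers)
    host = lowered.get("host", "localhost:8080")
    return urlunsplit((scheme, host, path, "", ""))


if __name__ == "__main__":
    # Constructed sample requests as they would arrive at the backend on port 8080.
    samples = [
        ("LB, header set", "10.0.0.5", {"Host": "fqdn", "X-Forwarded-Proto": "https"}),
        ("LB, header missing", "10.0.0.5", {"Host": "fqdn"}),
        ("direct client, header forged", "203.0.113.9", {"Host": "fqdn", "X-Forwarded-Proto": "https"}),
    ]
    for label, peer, hdrs in samples:
        print(f"{label:30} -> {login_redirect(peer, hdrs)}")
```

The second sample reproduces the symptom in the original question: without the header, the redirect lands on `http://fqdn/...`.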

