[keycloak-user] Mixing https/http schemes with sslRequired == all

Stian Thorgersen stian at redhat.com
Wed Jun 10 03:14:06 EDT 2015



----- Original Message -----
> From: "Orestis Tsakiridis" <orestis.tsakiridis at telestax.com>
> To: keycloak-user at lists.jboss.org
> Sent: Wednesday, 10 June, 2015 8:57:01 AM
> Subject: [keycloak-user] Mixing https/http schemes with sslRequired == all
> 
> Hello,
> 
> Can Keycloak operate on HTTPS while the REST application it protects runs on
> HTTP?
> 
> I've also set "Require SSL" to "all requests".

Keycloak only deals with requests made to the Keycloak Server and doesn't put any restriction on the requests to your REST endpoints. However, as you are passing the token in requests to your REST endpoints, it wouldn't be the best idea to not use SSL, although the risk can be mitigated slightly by having a short lifespan on access tokens.

> 
> 
> Regards
> 
> Orestis
> 
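
One way a REST application could act on the reply above, as an added example that is not part of the original thread and not Keycloak's own code: refuse bearer tokens that arrive over plain HTTP and reject access tokens whose lifetime exceeds a short cap. The names `check_bearer_request`, `jwt_claims`, `make_sample_token` and the 300-second cap are assumptions made for illustration, the sample tokens are constructed, and signature verification is assumed to be done separately by the adapter or library protecting the application.

```python
import base64
import json
import time

MAX_TOKEN_LIFETIME = 300  # seconds; assumed policy value, not from the thread


def jwt_claims(token):
    """Decode a JWT payload for inspection only (no signature check here)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_bearer_request(scheme, headers, now=None):
    """Return (allowed, reason) for a request reaching the REST application."""
    now = time.time() if now is None else now
    auth = headers.get("Authorization", "")
    if not auth.lower().startswith("bearer "):
        return True, "no bearer token in request"
    if scheme != "https":
        return False, "bearer token sent over cleartext HTTP"
    try:
        claims = jwt_claims(auth[7:].strip())
        exp, lifetime = claims["exp"], claims["exp"] - claims["iat"]
    except (IndexError, KeyError, TypeError, ValueError):
        return False, "malformed token"
    if exp <= now:
        return False, "token expired"
    if lifetime > MAX_TOKEN_LIFETIME:
        return False, f"token lifetime {lifetime}s exceeds {MAX_TOKEN_LIFETIME}s"
    return True, f"ok, {int(exp - now)}s of validity left"


def make_sample_token(iat, exp):
    """Constructed sample token with a placeholder signature (demo input only)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc({"iat": iat, "exp": exp}), "placeholder-sig"])


if __name__ == "__main__":
    now = 1000  # fixed clock so the demo output is reproducible
    short = {"Authorization": "Bearer " + make_sample_token(940, 1240)}
    long_lived = {"Authorization": "Bearer " + make_sample_token(940, 4540)}
    print(check_bearer_request("http", short, now))
    print(check_bearer_request("https", short, now))
    print(check_bearer_request("https", long_lived, now))
```

Rejecting the request does not un-expose a token that was already sent in cleartext; the rejection is a signal to fix the client, and the short lifetime bounds how long a captured token stays usable.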

