[keycloak-user] Mixing https/http schemes with sslRequired == all

Orestis Tsakiridis orestis.tsakiridis at telestax.com
Wed Jun 10 06:57:28 EDT 2015


Indeed. I've already switched my application to https.

The reason i'm asking this is because before switching i got blank (no
content) responses from the application's endpoints. HTTP status code was
200 but there was no content returned. At the same time the following
warning appeared in the logs.

12:21:55,085 WARN  [org.keycloak.adapters.RequestAuthenticator]
(http-/192.168.1.39:8080-4) SSL is required to authenticate


On Wed, Jun 10, 2015 at 10:14 AM, Stian Thorgersen <stian at redhat.com> wrote:

>
>
> ----- Original Message -----
> > From: "Orestis Tsakiridis" <orestis.tsakiridis at telestax.com>
> > To: keycloak-user at lists.jboss.org
> > Sent: Wednesday, 10 June, 2015 8:57:01 AM
> > Subject: [keycloak-user] Mixing https/http schemes with sslRequired ==
> all
> >
> > Hello,
> >
> > Can keycloak operate on HTTPS while the REST application it protects
> runs on
> > HTTP?
> >
> > I've also set "Require SSL" to "all requests"
>
> Keycloak only deals with request made to the Keycloak Server and doesn't
> put any restriction on the request to your rest endpoints. However, as you
> are passing the token in requests to your rest endpoints it wouldn't be the
> best idea to not use ssl. Although the risk can be mitigated slightly by
> having short lifespan on access tokens.
>
> >
> >
> > Regards
> >
> > Orestis
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150610/48e9d981/attachment.html 


More information about the keycloak-user mailing list