[keycloak-user] Spring Security - URL schema in "redirect_uri" generation

Andy Yar andyyar66 at gmail.com
Fri Feb 19 10:56:40 EST 2016


Howdy,
I use 1.8.0-Final integrated with Spring Security (which itself is
integrated into Grails) using the OpenID Connect method. Keycloak and all
integrated apps run behind an nginx SSL reverse proxy. The realm's SSL is set
to: "ssl-required": "external".

My issue is related to initial "redirect_uri" generation.

When I'm logged out and try to access a protected resource via an HTTPS
request, I receive a 302 response with a Location URL starting with the plain HTTP
scheme. Apparently the Location goes to the "redirect_uri" attribute and
therefore it tries to redirect me back here after a successful login.

Of course, it is possible to add both HTTP and HTTPS schemas as allowed
redirect URI patterns. However, the application's security gets lowered by that
plain HTTP redirect...

Is there any easy solution for non-SSL Keycloak/apps running behind an SSL
reverse proxy? I haven't looked into the source code but it seems like a
plain redirect which wouldn't be schema-aware.

Thanks in advance!
Andy
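
The behaviour described in the message above, as an added illustration that is not part of the original post and is not Keycloak or Spring Security adapter code: an application behind a TLS-terminating proxy sees plain HTTP on the wire, so it has to take the external scheme from the proxy, and only from the proxy. The proxy network, host names, endpoint URL and function names are constructed assumptions, as is the assumption that the proxy sets `X-Forwarded-Proto`.

```python
from ipaddress import ip_address, ip_network
from urllib.parse import urlencode

# Assumption: address range of the TLS-terminating reverse proxy (constructed).
TRUSTED_PROXIES = [ip_network("10.0.0.0/24")]


def external_scheme(peer_ip, wire_scheme, headers):
    """Return the scheme the browser used to reach the proxy.

    X-Forwarded-Proto is honoured only when the TCP peer is a trusted proxy;
    any other client could set the header itself. If the header carries a
    list, the last entry is the one written by the directly connected proxy.
    """
    from_proxy = any(ip_address(peer_ip) in net for net in TRUSTED_PROXIES)
    forwarded = headers.get("X-Forwarded-Proto", "").split(",")[-1].strip().lower()
    if from_proxy and forwarded in ("http", "https"):
        return forwarded
    # No trustworthy hint: fall back to what the backend socket actually saw.
    return wire_scheme


def login_redirect(auth_endpoint, client_id, host, path,
                   peer_ip, wire_scheme, headers):
    """Build the 302 Location sent to an unauthenticated request for `path`.

    `host` is assumed to come from configuration, not from the request.
    """
    scheme = external_scheme(peer_ip, wire_scheme, headers)
    redirect_uri = f"{scheme}://{host}{path}"
    # Fail closed instead of allowing http:// redirect URI patterns.
    if scheme != "https":
        raise ValueError(f"refusing plain-HTTP redirect_uri: {redirect_uri}")
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
    })
    return f"{auth_endpoint}?{query}"
```

With this check in place, only `https://` patterns need to be registered as valid redirect URIs for the client.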