[keycloak-user] Token audience doesn't match domain.

Juraci Paixão Kröhling juraci at kroehling.de
Mon Jan 4 10:56:51 EST 2016


Are you sending the HTTP header X-Forwarded-Proto to Keycloak?

On 04.01.2016 16:43, Thomas Barcia wrote:
> I have my keycloak 1.6.1-final cluster running behind a Netscaler that
> terminates the SSL connections, therefore communication from the
> Netscaler to Keycloak is http but from the Internet to the Netscaler is
> https.  We’ve managed the rewrites so that logging in works; however,
> we’re now getting an error that the token audience doesn’t match the
> domain because the issuer is http://keycloakserver but the URL from
> configuration is https://keycloakserver.  Is there a way to make this
> configuration work? When the error says “URL from configuration” does it
> mean the java app configuration or the Keycloak configuration?
>
> Thank you.