[keycloak-user] Services behind a Proxy that offloads SSL

Matthew Broadhead matthew.broadhead at nbmlaw.co.uk
Tue Nov 28 05:07:38 EST 2017


which proxy are you using?  this guide helped me proxy behind apache2
http://markus.co/howto/2017/07/27/keycloak-apache.html

On 28/11/2017 10:57, Malte Finsterwalder wrote:
> Thanks for your help, but I can't find anything helpfull in the docs. I
> scanned the complete documentation and read a lot of it.
> Could you point me to a particular chapter?
>
> To clarify: I don't have a problem with Keycloak being behind a proxy, that
> offloads SSL.
>
> I have a problem with the service being behind a proxy. The service itself
> is access via HTTP, since SSL is offloaded on the Proxy.
> The client adapter then creates a redirect URL as HTTP, not HTTPS and
> passes that to Keycloak. So when Keycloak redirects back to the service, it
> uses the HTTP URL provided by the client adapter, which is "wrong".
>
> Thanks,
>     Malte
>
> On 27 November 2017 at 20:26, Stian Thorgersen <sthorger at redhat.com> wrote:
>
>> Read the docs. There's a section on how to configure Keycloak properly
>> when you're using a reverse proxy
>>
>> On 27 November 2017 at 17:31, Malte Finsterwalder <inofi at gmx.net> wrote:
>>
>>> Hi there,
>>>
>>> I have a service running in a JBoss server, that I want to secure via the
>>> keycloak adapter.
>>> The server is behind a proxy, that offloads SSL, so the server itself gets
>>> traffic as http.
>>> When the server redirects to keycloak for authentication, the redirect URL
>>> supplied to keycloak is http, not https. How can I ensure, that a redirect
>>> URL is an https URL?
>>>
>>> Greetings,
>>>     Malte
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user



More information about the keycloak-user mailing list