[keycloak-user] Keycloak on Kubernetes - HTTPS required
Pavlov, Yordan
yordan.pavlov at sap.com
Wed Jun 20 10:26:11 EDT 2018
Hi all,
I’m evaluating Keycloak as IAM for one open source project [1], so far, I’ve tested it successfully on a minikube (local) Kubernetes cluster and I want to run it in on a real cluster.
The real cluster (created by Gardener [2]) is running on AWS and the access to the Keycloak is exposed through an Ingress controller [3].
We’ve also installed “cert-manager” for automated certificates management of Let’s Encrypt issued certificates.
So far so good, but when I try to login to the “Admin Console” I get the following error:
“We're sorry... HTTPS required”
In the logs of the pod, there is the following warning:
“WARN [org.keycloak.events] (default task-12) type=LOGIN_ERROR, realmId=master, clientId=null, userId=null, ipAddress=100.96.0.6, error=ssl_required”
As far as I understand, the Let’s Encrypt certificated is trusted by the browsers and it appears to be trusted by the OpenJDK also [4].
Then what should be done in order to access the Admin Console?
Last but not least, we are using jboss/keycloak:latest image (I know that we should be using some stable version like 4.0.0, but it appears that the issue is not related to the image version).
Regards,
Yordan Pavlov
[1] ProMART: https://github.com/promart-io | https://www.promart.io/
[2] Gardener: https://github.com/gardener
[3] Keycloak: https://kkk.ingress.promart.promart.shoot.canary.k8s-hana.ondemand.com
[4] DST Root CA X3: https://bugs.openjdk.java.net/browse/JDK-8154757
More information about the keycloak-user
mailing list