[keycloak-user] Disable strict-transport-security header on /auth url
Tungatkar, Niranjan
Niranjan.Tungatkar at arris.com
Mon Oct 1 15:48:58 EDT 2018
I have a non-homogeneous set of services (https and http) which use keycloak for authentication.
My Keycloak instance supports SSL but the services but other services are http.
I have an admin user which access the https://keycloak-url:31443/auth url for user management.
I disabled the strict transport security header on all the realms, which stops strict-transport-security header being sent and thus preventing redirection to https.
But my problem is whenever the admin user hits the /auth url it sends strict-transport-security header which messes up my angular app.
Is there a way I can configure the response of /auth or the welcome page to stop sending the strict-transport-security header.
Thanks
Niranjan.
More information about the keycloak-user
mailing list