[keycloak-user] Non SSL backend servers through SSL loadbalancer

Luis Rodríguez Fernández uo67113 at gmail.com
Wed Apr 24 03:11:48 EDT 2019


Hello Salih,

I was suffering a similar issue using the saml2 java adapter in tomcat
[1].

org.keycloak.adapters.saml.profile.AbstractSamlAuthenticationHandler.handleSamlResponse
Request URI 'http://my.domain/ui/saml' does not match SAML request
destination 'https://my.domain/ui/saml'


The back-end connector has no SSL/TLS configured, however I am "cheating"
through the scheme [2] attribute of the connector:

<Connector scheme="https" port="8401" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8402" />

If you are using the embedded tomcat in spring boot I guess that you can
configure it [3]. Or perhaps it would be faster and simpler for a quick
test just deploying the war in an apache tomcat and setting scheme="https".

Hope it helps,

Luis

[1]
https://www.keycloak.org/docs/latest/securing_apps/index.html#java-adapters-2
[2] https://tomcat.apache.org/tomcat-9.0-doc/config/http.html
[3]
https://docs.spring.io/spring-boot/docs/current/reference/html/howto-embedded-web-servers.html





On Tue, 23 Apr 2019 at 11:39, Salih Gedik (<sg at salih.xyz>) wrote:

> Hello community,
>
> We are running a Spring Boot app and the app itself is not running HTTPS;
> however, our load balancers, where requests are made, use SSL and pass traffic
> insecurely to the backend. However, in this scenario I am unable to get the token
> verified after successful login. In the log
> I see that it says :: Adapter requires SSL. Request http://keycloakserver
>
> The Keycloak server is supposed to be on an https URL; however, it requests http as
> the app itself is http. How would you set up such a configuration? What am I
> missing?
>
> Thank you
> Salih


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett
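
Added example, not part of the original messages and not Keycloak or Spring code: one way to apply the scheme="https" idea from the reply to Spring Boot's embedded Tomcat, next to a variant that derives the scheme from X-Forwarded-Proto sent by the load balancer. It assumes Spring Boot 2.x with Tomcat 9; the property name tlsoffload.mode, port 443 and the address 10.0.0.5 are placeholders chosen for the example.

```java
import org.apache.catalina.valves.RemoteIpValve;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class TlsOffloadConfig {

    // Mode "static": programmatic equivalent of <Connector scheme="https" .../>.
    // Every request on this connector is reported as HTTPS, so the plain-HTTP
    // port must be reachable only from the load balancer.
    @Bean
    @ConditionalOnProperty(name = "tlsoffload.mode", havingValue = "static")
    public WebServerFactoryCustomizer<TomcatServletWebServerFactory> staticHttpsScheme() {
        return factory -> factory.addConnectorCustomizers(connector -> {
            connector.setScheme("https"); // request.getScheme() returns "https"
            connector.setSecure(true);    // request.isSecure() returns true
            connector.setProxyPort(443);  // placeholder: public port of the load balancer
        });
    }

    // Mode "forwarded": take the scheme from X-Forwarded-Proto, but only when the
    // TCP peer matches the internalProxies pattern. Requests from any other peer
    // keep their real scheme (http), so a client cannot claim HTTPS for itself.
    @Bean
    @ConditionalOnProperty(name = "tlsoffload.mode", havingValue = "forwarded")
    public WebServerFactoryCustomizer<TomcatServletWebServerFactory> forwardedProtoScheme() {
        return factory -> {
            RemoteIpValve valve = new RemoteIpValve();
            valve.setRemoteIpHeader("X-Forwarded-For");
            valve.setProtocolHeader("X-Forwarded-Proto");
            valve.setInternalProxies("10\\.0\\.0\\.5"); // placeholder: load balancer address (regex)
            factory.addEngineValves(valve);
        };
    }
}
```

With either mode active, the request URL the adapter reconstructs starts with https://, which is what the destination check in the log above compares against.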