[keycloak-user] Non SSL backend servers through SSL loadbalancer
Salih Gedik
sg at salih.xyz
Wed Apr 24 06:38:38 EDT 2019
Hello Luis,
Thank you for sharing your solution. I will try to apply this and see what happens!
Salih
--
24.04.2019, 10:15, "Luis Rodríguez Fernández" <uo67113 at gmail.com>:
> Hello Salih,
>
> I was suffering from a similar issue using the saml2 java adapter in tomcat
> [1].
>
> org.keycloak.adapters.saml.profile.AbstractSamlAuthenticationHandler.handleSamlResponse
> Request URI 'http://my.domain/ui/saml' does not match SAML request
> destination 'https://my.domain/ui/saml'
>
> The back-end connector has no SSL/TLS configured, however I am "cheating"
> through the scheme [2] attribute of the connector:
>
> <Connector scheme="https" port="8401" protocol="HTTP/1.1"
> connectionTimeout="20000"
> redirectPort="8402" />
>
> If you are using the embedded tomcat in spring boot I guess that you can
> configure it [3]. Or perhaps it would be faster and simpler for a quick
> test just deploying the war in an apache tomcat and setting scheme="https".
>
> Hope it helps,
>
> Luis
>
> [1]
> https://www.keycloak.org/docs/latest/securing_apps/index.html#java-adapters-2
> [2] https://tomcat.apache.org/tomcat-9.0-doc/config/http.html
> [3]
> https://docs.spring.io/spring-boot/docs/current/reference/html/howto-embedded-web-servers.html
>
> On Tue, 23 Apr 2019 at 11:39, Salih Gedik (<sg at salih.xyz>) wrote:
>
>> Hello community,
>>
>> We are running a Spring Boot app, and the app itself is not running HTTPS;
>> however, our load balancers, where requests are made, use SSL and pass
>> traffic insecurely to the backend. However, in this scenario I am unable to
>> get the token verified after a successful login. In the log
>> I see that it says :: Adapter requires SSL. Request http://keycloakserver
>>
>> Keycloak server is supposed to be on an https url; however, it requests http
>> as the app itself is http. How would you set up such a configuration? What am
>> I missing?
>>
>> Thank you
>> Salih
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> --
>
> "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
>
> - Samuel Beckett
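Added example, not code from the thread or from the Keycloak project: the fixed scheme="https" connector setting quoted above, applied to Spring Boot's embedded Tomcat, beside a variant that reports https only when a trusted load balancer says so. Assumptions: Spring Boot 2.x with embedded Tomcat, a load balancer that sends X-Forwarded-Proto, and a constructed load balancer address; the class and method names are hypothetical.

```java
import org.apache.catalina.valves.RemoteIpValve;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class TlsTerminationConfig {

    // Assumption: backend-facing address of the load balancer (constructed value).
    private static final String LOAD_BALANCER_REGEX = "10\\.0\\.0\\.5";

    // Variant A: the fixed-scheme approach from the thread. Every request is
    // reported as https, including one that reaches the backend port directly
    // without passing through the load balancer, so the backend port must be
    // reachable only from the load balancer.
    static void forceHttps(TomcatServletWebServerFactory factory) {
        factory.addConnectorCustomizers(connector -> {
            connector.setScheme("https");  // value returned by request.getScheme()
            connector.setSecure(true);     // value returned by request.isSecure()
            connector.setProxyPort(443);   // value returned by request.getServerPort()
        });
    }

    // Variant B: take scheme and secure flag from X-Forwarded-Proto, but only
    // when the TCP peer matches the load balancer address. Requests from any
    // other peer keep the connector's real values (http, not secure).
    static void trustForwardedProto(TomcatServletWebServerFactory factory) {
        RemoteIpValve valve = new RemoteIpValve();
        valve.setInternalProxies(LOAD_BALANCER_REGEX);
        valve.setRemoteIpHeader("X-Forwarded-For");
        valve.setProtocolHeader("X-Forwarded-Proto");
        valve.setProtocolHeaderHttpsValue("https");
        factory.addEngineValves(valve);
    }

    @Bean
    public WebServerFactoryCustomizer<TomcatServletWebServerFactory> tlsTermination() {
        // Switch to TlsTerminationConfig::forceHttps to reproduce the thread's setting.
        return TlsTerminationConfig::trustForwardedProto;
    }
}
```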