[keycloak-user] Non SSL backend servers through SSL loadbalancer

Salih Gedik sg at salih.xyz
Wed Apr 24 06:38:38 EDT 2019


Hello Luis,

Thank you for sharing your solution. I will try to apply this and see what happens!

Salih
-- 


24.04.2019, 10:15, "Luis Rodríguez Fernández" <uo67113 at gmail.com>:
> Hello Salih,
>
> I was suffering from a similar issue using the SAML2 Java adapter in Tomcat
> [1].
>
> org.keycloak.adapters.saml.profile.AbstractSamlAuthenticationHandler.handleSamlResponse
> Request URI 'http://my.domain/ui/saml' does not match SAML request
> destination 'https://my.domain/ui/saml'
>
> The back-end connector has no SSL/TLS configured, however I am "cheating"
> through the scheme [2] attribute of the connector:
>
> <Connector scheme="https" port="8401" protocol="HTTP/1.1"
>                connectionTimeout="20000"
>                redirectPort="8402" />
>
> If you are using the embedded Tomcat in Spring Boot, I guess that you can
> configure it [3]. Or perhaps it would be faster and simpler, for a quick
> test, to just deploy the WAR in an Apache Tomcat and set scheme="https".
>
> Hope it helps,
>
> Luis
>
> [1]
> https://www.keycloak.org/docs/latest/securing_apps/index.html#java-adapters-2
> [2] https://tomcat.apache.org/tomcat-9.0-doc/config/http.html
> [3]
> https://docs.spring.io/spring-boot/docs/current/reference/html/howto-embedded-web-servers.html
>
> On Tue, 23 Apr 2019 at 11:39, Salih Gedik (<sg at salih.xyz>) wrote:
>
>>  Hello community,
>>
>>  We are running a Spring Boot app, and the app itself is not running HTTPS;
>>  however, our load balancers, where requests are made, use SSL and pass traffic
>>  insecurely to the backend. In this scenario, however, I am unable to get the token
>>  verified after a successful login. In the log
>>  I see that it says :: Adapter requires SSL. Request http://keycloakserver
>>
>>  The Keycloak server is supposed to be on an https URL; however, it requests http as
>>  the app itself is http. How would you set up such a configuration? What am I
>>  missing?
>>
>>  Thank you
>>  Salih
>>
>>  _______________________________________________
>>  keycloak-user mailing list
>>  keycloak-user at lists.jboss.org
>>  https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> --
>
> "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
>
> - Samuel Beckett
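The Spring Boot counterpart of the `scheme="https"` connector setting discussed in this thread, as an added example that is not code from either poster or from the Keycloak project. It assumes Spring Boot 2.x with embedded Tomcat and a load balancer that serves HTTPS on port 443; the class name, bean name and `setSecure`/`setProxyPort` calls are additions for illustration.

```java
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// Hypothetical configuration class for an app that runs plain HTTP behind a
// TLS-terminating load balancer.
@Configuration
public class TlsOffloadConnectorConfig {

    // Assumption: the public HTTPS port exposed by the load balancer.
    private static final int PUBLIC_HTTPS_PORT = 443;

    @Bean
    public WebServerFactoryCustomizer<TomcatServletWebServerFactory> tlsOffloadCustomizer() {
        return factory -> factory.addConnectorCustomizers(connector -> {
            // Same effect as scheme="https" on <Connector>: request.getScheme()
            // returns "https", so URLs rebuilt by the app carry the scheme the
            // browser actually used (the SAML Destination in the error above).
            connector.setScheme("https");

            // Makes request.isSecure() return true for requests on this connector.
            connector.setSecure(true);

            // Port used when the container builds absolute URLs and redirects.
            connector.setProxyPort(PUBLIC_HTTPS_PORT);
        });
    }
}
```

Every request that reaches this connector is reported as HTTPS, whether or not it passed through the load balancer, so the backend port should accept connections from the load balancer only.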

