[keycloak-user] Putting Keycloak behind a Proxy in Kubernetes

Jason Leach jason.leach at fullboar.ca
Sun Jun 9 19:18:29 EDT 2019


Hi,

I’m using a small k8s cluster on DigitalOcean. I have a DO Loadbalancer that manages my certificates. This goes into Traefik, my reverse proxy. Everything works great, except: when a user is sent an email for verification, it fails because of the protocol:

23:13:11,352 WARN  [org.keycloak.events] (default task-1) type=EXECUTE_ACTION_TOKEN_ERROR, realmId=test, clientId=null, userId=24406bf4-2b97-4e40-b5d6-4xxxxxxxx, ipAddress=154.5.nnn.nnn, error=not_allowed, reason='Invalid token issuer. Expected 'https://www.xxxca/auth/realms/test', but was 'http://www.xxx.ca/auth/realms/test'', token_id=c96e1531-be72-407e-8c4e-071xxxxxxxxx, action=execute-actions

The link itself in the email starts with http, which will be redirected to https by the load balancer.

Not sure where the problem is.

Maybe I need to get my proxy Traefik to redirect http to 8443 and use KC’s self-signed certs?

Thanks,

J.
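
A triage sketch for the warning quoted above, added here as an example and not part of the original post or of Keycloak: it extracts the expected and actual issuer from EXECUTE_ACTION_TOKEN_ERROR events and reports which URL components differ. The sample log lines, hostnames and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in the shape of the warning above (hosts are placeholders).
SAMPLE_LOG = [
    "23:13:11,352 WARN  [org.keycloak.events] (default task-1) type=EXECUTE_ACTION_TOKEN_ERROR, realmId=test, clientId=null, error=not_allowed, reason='Invalid token issuer. Expected 'https://sso.example.test/auth/realms/test', but was 'http://sso.example.test/auth/realms/test'', action=execute-actions",
    "23:14:02,007 WARN  [org.keycloak.events] (default task-2) type=EXECUTE_ACTION_TOKEN_ERROR, realmId=test, clientId=null, error=not_allowed, reason='Invalid token issuer. Expected 'https://sso.example.test/auth/realms/test', but was 'https://keycloak.internal:8443/auth/realms/test'', action=execute-actions",
    "23:15:40,120 INFO  [org.keycloak.events] (default task-3) type=LOGIN, realmId=test, clientId=account",
]

# Pulls the event type, realm and both issuer URLs out of one log line.
ISSUER_RE = re.compile(
    r"type=(?P<type>\w+),.*?realmId=(?P<realm>[^,]+),.*?"
    r"Invalid token issuer\. Expected '(?P<expected>[^']+)', but was '(?P<actual>[^']+)'"
)

def url_differences(expected, actual):
    """Return the URL components (scheme, host, port, path) that differ."""
    e, a = urlsplit(expected), urlsplit(actual)
    pairs = [
        ("scheme", e.scheme, a.scheme),
        ("host", e.hostname, a.hostname),
        ("port", e.port, a.port),  # explicit ports only; None means "not given"
        ("path", e.path, a.path),
    ]
    return [name for name, left, right in pairs if left != right]

def issuer_mismatches(lines):
    """Collect one finding per 'Invalid token issuer' event in the log."""
    findings = []
    for line in lines:
        m = ISSUER_RE.search(line)
        if m:
            findings.append({
                "realm": m.group("realm"),
                "expected": m.group("expected"),
                "actual": m.group("actual"),
                "differs": url_differences(m.group("expected"), m.group("actual")),
            })
    return findings

def scheme_only(findings):
    """Findings where only http/https differs, as in the post: the same host
    and path were seen with one protocol at issue time and another at use."""
    return [f for f in findings if f["differs"] == ["scheme"]]

if __name__ == "__main__":
    for f in issuer_mismatches(SAMPLE_LOG):
        print(f["realm"], f["differs"], f["expected"], "<-", f["actual"])
```
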