[keycloak-user] Mixed Content error because of Keyloack default login redirection

Murat Doner muratfair at gmail.com
Thu Mar 7 08:14:52 EST 2019


Hello,

*INFORMATION NEEDED:*

I use Keycloak (Docker version) behind a Spring project.

(The client side of this project is React and communication between client
and backend is provided by REST services.)

The client side is secured and using "https" scheme.

It is my Spring configuration:

  keycloak:
     auth-server-url:
https://sso-ssoha.b9ad.pro-us-east-1.openshiftapps.com/auth
     realm: master
     resource: clientname
     public-client: true

*THE ROOT OF THE PROBLEM:*

When I click a link from client, it calls a Spring service normally. But
before that, it redirects to default login page of Keycloak with adding
this path *sso/login* to the current "https" url but changing scheme to
"http".

*But, redirecting from https to http create a problem like this:*

Mixed Content: The page at 'https://www.helpful.army/contents/Problem'
was loaded over HTTPS, but requested an insecure resource
'http://serviceha-helpfularmy.b9ad.pro-us-east-1.openshiftapps.com/sso/login'.
This request has been blocked; the content must be served over HTTPS.

Problem on StackOverFlow:
https://stackoverflow.com/questions/55044623/mixed-content-error-because-of-keyloack-default-login-redirection


More information about the keycloak-user mailing list