[keycloak-user] keycloak is accessed over HTTPS, but loads AJAX resources over HTTP

mn at fstrk.io
Thu Nov 14 11:30:15 EST 2019


I deployed a Keycloak instance in a Docker container on Heroku. The app 
is being served by the Heroku load balancer over HTTPS.


The JBoss server options I provide are as follows:

-Djboss.bind.address=0.0.0.0 -Djboss.http.port=$PORT


However, when I access the admin console I have this error in the browser:

===

The page at 
'https://xxx.com/auth/realms/fasttrack/protocol/openid-connect/auth... 
was loaded over a secure connection, but contains a form that targets an 
insecure endpoint 
'http://xxx.com/auth/realms/fasttrack/login-actions/authenticate?.... 
This endpoint should be made available over a secure connection.

===


Why is that? How does Keycloak make a decision to request content over 
HTTP when it was served over HTTPS?

Maybe there are some server settings I am missing?


As for setting "Require SSL=None" in the Keycloak admin panel - I 
already did that. That didn't help.




-- 
Михаил Новиков
Lead Developer
fstrk.io
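
Added example, not part of the original post: a small Python check that reports form targets and sub-resources resolving to plain http:// on a page fetched over https, which is the condition the browser message in the post describes. The sample markup and resource paths are constructed for illustration; xxx.com is the post's own placeholder host.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make the browser submit to or load from a URL.
URL_ATTRS = {"form": "action", "script": "src", "link": "href",
             "img": "src", "iframe": "src"}


class InsecureRefFinder(HTMLParser):
    """Collect (tag, absolute_url) pairs that resolve to plain http://."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        if attr is None:
            return
        value = dict(attrs).get(attr)
        if not value:
            return
        # Relative and scheme-relative URLs inherit the page's scheme.
        absolute = urljoin(self.page_url, value)
        if urlsplit(absolute).scheme == "http":
            self.findings.append((tag, absolute))


def find_insecure_refs(page_url, html):
    """Return insecure references in html; empty if the page is not https."""
    if urlsplit(page_url).scheme != "https":
        return []
    finder = InsecureRefFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample modelled on the error in the post (markup is invented).
SAMPLE_URL = "https://xxx.com/auth/realms/fasttrack/protocol/openid-connect/auth"
SAMPLE_HTML = """
<html><head><link rel="stylesheet" href="/auth/resources/login.css"></head>
<body><form action="http://xxx.com/auth/realms/fasttrack/login-actions/authenticate" method="post">
<input name="username"></form><script src="//xxx.com/auth/js/app.js"></script></body></html>
"""

if __name__ == "__main__":
    for tag, url in find_insecure_refs(SAMPLE_URL, SAMPLE_HTML):
        print(f"insecure <{tag}> target: {url}")
```

Running the same function over the saved HTML of the login page after a configuration change shows whether any absolute http:// targets remain.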


