[keycloak-user] keycloak is accessed over HTTPS, but loads AJAX resources over HTTP
mn at fstrk.io
mn at fstrk.io
Thu Nov 14 11:30:15 EST 2019
I deployed a Keycloak instance in a docker container on Heroku. The app
is being served by Heroku load balancer over https.
The JBoss server options I provide are as follows:
-Djboss.bind.address=0.0.0.0 -Djboss.http.port=$PORT
However when I access the admin console I have this error in the browser:
===
The page at
'https://xxx.com/auth/realms/fasttrack/protocol/openid-connect/auth...
was loaded over a secure connection, but contains a form that targets an
insecure endpoint
'http://xxx.com/auth/realms/fasttrack/login-actions/authenticate?....
This endpoint should be made available over a secure connection.
===
why is that? How does Keycloak make a decision to request content over
HTTP when it was served over HTTPS?
Maybe there are some server settings I am missing?
As for setting "Require SSL=None" in the Keycloak admin panel - I
already did that. That didn't help.
--
Михаил Новиков
Ведущий разработчик
fstrk.io
More information about the keycloak-user
mailing list