When I try to hit Keycloak behind an Azure gateway (envoy proxy) using SSL/HTTPS I get a "We're Sorry HTTPS Required" error in my browser. In the Keycloak log I see:
[org.keycloak.events] (executor-thread-1) type=LOGIN_ERROR, realmId=1e37bfc2-e503-47c2-9e2a-a3653de4cde3, clientId=null, userId=null, ipAddress=3.110.84.205, error=ssl_required
I followed these instructions to set up SSL in Keycloak 6 behind a reverse proxy:
https://www.keycloak.org/docs/latest/server_installation/index.html#setting-up-https-ssl
I have an Amazon application load balancer with an SSL certificate listening on 443 and forwarding to 80 on private EC2 instances. All worked fine until I integrated the SAML authentication. The SAML identity provider forwards back to http://mydomain instead of https://mydomain and I get a "Host not found". I have tried a number of proxy_ssl_engine settings in the Apache config but they don't work, or resulted in a 463 error. Does anyone know what Apache config will solve the "Host not found" error? Somehow I need to get back to SSL.
When I try to hit Keycloak 6 behind an Azure gateway (reverse proxy) using SSL/HTTPS I get a "We're Sorry HTTPS Required" error in my browser. In the Keycloak log I see:
[org.keycloak.events] (default task-2) type=LOGIN_ERROR, realmId=master, clientId=null, userId=null, ipAddress=x.x.x.x, error=ssl_required
I'm assuming I misconfigured something along the way but I can't figure out what it is.
I followed these instructions to set up SSL in Keycloak 6 behind a reverse proxy:
https://www.keycloak.org/docs/latest/server_installation/index.html#setting-up-https-ssl
I did NOT do any certificate creating/importing because the guide says "If you are not using a reverse proxy or load balancer to handle HTTPS traffic for you, you’ll need to enable HTTPS for the Keycloak server. This involves
Obtaining or generating a keystore that contains the private key and certificate for SSL/HTTP traffic
Configuring the Keycloak server to use this keypair and certificate."
My question is, do I need to do the certificate creating/importing anyway, even if I'm behind the reverse proxy? If not, any other ideas?
Please note: I am running the Keycloak standalone server, not using it as an overlay on any other server container like Wildfly.
Found the answer on this thread.
why is keycloak removing the SSL in the redirect uri?
Bottom line, you don't need to generate/install the cert AND there is an undocumented attribute
proxy-address-forwarding="true"
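As an added example (not part of the original answer and not Keycloak's own code): in the standalone server this attribute is set on the listener elements of the undertow subsystem in standalone.xml, and it makes the server take the client address and scheme from the X-Forwarded-* headers, so it belongs only on listeners that clients can reach solely through the proxy. The Python check below reports the setting per listener; the XML sample, its namespace versions and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed standalone.xml (namespace versions are
# illustrative) as shipped, i.e. without the attribute from the answer.
BEFORE = """<server xmlns="urn:jboss:domain:10.0">
  <profile>
    <subsystem xmlns="urn:jboss:domain:undertow:8.0">
      <server name="default-server">
        <http-listener name="default" socket-binding="http" redirect-socket="https"/>
        <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm"/>
      </server>
    </subsystem>
  </profile>
</server>"""

# The same file after adding the attribute to the plain-HTTP listener,
# which is the one a TLS-terminating proxy forwards to.
AFTER = BEFORE.replace('redirect-socket="https"/>',
                       'redirect-socket="https" proxy-address-forwarding="true"/>')

LISTENERS = ("http-listener", "https-listener")


def audit_listeners(xml_text):
    """Map 'element:name' -> 'true' | 'false' | 'expression' for each
    undertow listener, based on its proxy-address-forwarding attribute."""
    result = {}
    for el in ET.fromstring(xml_text).iter():
        # Tags look like '{urn:jboss:domain:undertow:X.Y}http-listener'.
        namespace, _, local = el.tag.rpartition("}")
        if local not in LISTENERS or ":undertow:" not in namespace:
            continue
        value = el.get("proxy-address-forwarding", "false").strip()
        if value.startswith("${"):
            # Resolved from a system property or env var at boot time;
            # the file alone cannot tell which value is in effect.
            status = "expression"
        else:
            status = "true" if value.lower() == "true" else "false"
        result[f"{local}:{el.get('name')}"] = status
    return result


if __name__ == "__main__":
    for label, doc in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_listeners(doc))
```

A listener reported as "true" trusts whatever X-Forwarded-For and X-Forwarded-Proto values arrive, so the proxy must overwrite those headers and direct access to that port should be blocked.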
I have an ASP.NET Core app with SignalR, working perfectly on the development machine and on IIS too, but when I published to nginx (reverse proxy) it throws an error: failed: Error during WebSocket handshake: Unexpected response code: 200. I found that websocket works better on SSL so I installed self-signed SSL; still the problem remains the same. Thanks in advance.
You'll have to configure Nginx to proxy websocket connections; it does not handle websocket connections by default. See http://nginx.org/en/docs/http/websocket.html and "NGINX to reverse proxy websockets AND enable SSL (wss://)?" for further information about enabling websockets for Nginx.
I've tried to enable SSL on my Cloudflare account for my asset subdomains, but I see the following error in Chrome:
This site can’t provide a secure connection
a1.staging.domain.com sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
And this in Firefox:
Secure Connection Failed
An error occurred during a connection to a1.staging.domain.com. Peer reports it experienced an internal error. Error code:
SSL_ERROR_INTERNAL_ERROR_ALERT
I followed this up with Cloudflare support. Turns out that this is due to the limitation that the Cloudflare-issued SSL cert is only valid for a single subdomain. So *.domain.com will work, but *.staging.domain.com won't.
More info here:
https://support.cloudflare.com/hc/en-us/articles/200170566-Why-isn-t-SSL-working-for-my-site-
I installed Shibboleth IdP and I configured the server.xml connector on port 8443 to use idp.jsk for the SSL connection. When I navigated to http://localhost:8080/idp/profile/Status, the page appears with "ok", but when I navigate to https://localhost:8443/idp/status, the page appears with "SSL connection error".
What can I do to fix this problem?