Reputation: 301
Problem using Keycloack Tomcat Client adapter ACS
I'm using the keycloak client adapter as an SP for to use SAML SSO with an IDP. The SP is expecting the ACS url to be The problem is that the client that connects to the SP is behind a proxy , and all the HTTP requests turn to HTTPS, and it is blocked on the SP level with this exception :
org.keycloak.adapters.saml.profile.AbstractSamlAuthenticationHandler.handleSamlResponse Request URI 'http://example.com/context/saml' does not match SAML request destination 'https://example.com/context/saml'
Is there any way to configure the SP to change its default ACS url expected to be in HTTPS ?
Upvotes: 0
Views: 696
Answers (1)
Reputation: 301
I fixed this issue by configuring tomcat server.xml to accept HTTPS scheme from the proxy on the http port.
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
proxyName="proxy.com"
proxyPort="443" scheme="https" />
Upvotes: 1
Related Questions
- Keycloak cannot identify clientAuthenticator from the configuration
- Keycloak with Tomcat: org.keycloak.KeycloakPrincipal cannot be cast to org.keycloak.KeycloakPrincipal
- Tomcat: 403 The server understood the request but refuses to authorize it error after keycloak login
- Spring boot + keycloak application not working when deployed to tomcat
- Tomcat 9 with keycloak configuration
- Keycloak with spring boot issue when deploying on tomcat
- Tomcat is using FormAuthentication instead of the KeyCloak Tomcat Valve SAML Authentication
- Keycloak SAML redirection stuck in loop after logging in
- How to allow Single Sign-On for al clients in keycloak
- Keycloak-Tomcat-Adapter: Is there a alternative path for 'keycloak.json'?