Reputation: 61
When I try to hit Keycloak 6 behind an Azure gateway (reverse proxy) using SSL/HTTPS, I get a "We're Sorry HTTPS Required" error in my browser. In the Keycloak log I see:
[org.keycloak.events] (default task-2) type=LOGIN_ERROR, realmId=master, clientId=null, userId=null, ipAddress=x.x.x.x, error=ssl_required
I'm assuming I misconfigured something along the way but I can't figure out what it is.
I followed these instructions to set up SSL in Keycloak 6 behind a reverse proxy:
https://www.keycloak.org/docs/latest/server_installation/index.html#setting-up-https-ssl
I did NOT do any certificate creating/importing because the guide says "If you are not using a reverse proxy or load balancer to handle HTTPS traffic for you, you’ll need to enable HTTPS for the Keycloak server. This involves Obtaining or generating a keystore that contains the private key and certificate for SSL/HTTP traffic Configuring the Keycloak server to use this keypair and certificate."
My question is, do I need to do the certificate creating/importing anyway, even if I'm behind the reverse proxy? If not, any other ideas?
Please note: I am running the Keycloak standalone server, not using it as an overlay on any other server container like WildFly.
Upvotes: 3
Views: 11134
Reputation: 61
Found the answer on this thread.
why is keycloak removing the SSL in the redirect uri?
Bottom line, you don't need to generate/install the cert AND there is an undocumented attribute
proxy-address-forwarding="true"
Upvotes: 3
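An added example, not part of the original answer: a small check that reads a `standalone.xml` and reports whether each Undertow listener has the `proxy-address-forwarding` attribute from the answer switched on. The function name `audit_forwarding` and the sample XML are constructed for illustration, and the example assumes the attribute is set on the `http-listener`/`https-listener` elements of the Undertow subsystem.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed Undertow subsystem from standalone.xml.
# The namespace version differs between releases, so the audit ignores it.
SAMPLE = """\
<server>
  <subsystem xmlns="urn:jboss:domain:undertow:8.0">
    <server name="default-server">
      <http-listener name="default" socket-binding="http" redirect-socket="https"/>
      <https-listener name="https" socket-binding="https"/>
    </server>
  </subsystem>
</server>
"""

LISTENERS = {"http-listener", "https-listener"}
EXPRESSION = re.compile(r"^\$\{.*\}$")  # a ${...} property placeholder


def audit_forwarding(xml_text):
    """Map each listener name to 'enabled', 'disabled' or 'expression'."""
    result = {}
    for el in ET.fromstring(xml_text).iter():
        # Strip the "{namespace}" prefix so any subsystem version matches.
        if el.tag.rsplit("}", 1)[-1] not in LISTENERS:
            continue
        value = el.get("proxy-address-forwarding", "false").strip()
        if EXPRESSION.match(value):
            state = "expression"  # resolved at boot; check the property's value
        else:
            state = "enabled" if value.lower() == "true" else "disabled"
        result[el.get("name")] = state
    return result


if __name__ == "__main__":
    for name, state in audit_forwarding(SAMPLE).items():
        print(f"{name}: proxy-address-forwarding {state}")
```

With the attribute enabled, the server takes the client address and scheme from the `X-Forwarded-*` headers, so the listener port should be reachable only from the gateway.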