I’d like to try Keycloak using Docker on my local system, and I’ve followed the steps described in Docker - Keycloak, but I’m stuck on step 3 “Login to the admin console” since Keycloak wants an HTTPS connection:
We are sorry…
HTTPS required
How come? Can this be fixed? I don’t have much time to spend on this and was expecting a decent demo process… and just a few minutes after trying it out I’m already deceived… first impression is that the documentation is not reliable.
That sacrifices encryption, and it is not very container friendly. I recommend using the HTTPS port 8443 (there is a self-signed cert by default). See Keycloak Docker HTTPS required - Stack Overflow
Thanks for the hint, I found the stackoverflow thread afterwards.
But for my use case, I needed to be sure it could work over HTTP behind a reverse proxy that will handle SSL encryption.
I have to admit the backend administration is very user friendly. I will dig into it in more detail to see if I can set it up to work in an AWS ECS cluster.
You don’t need insecure HTTP access when you have a reverse proxy with TLS offloading. Just access Keycloak via the proxy (of course Keycloak must be aware that it is behind a reverse proxy, e.g. PROXY_ADDRESS_FORWARDING=true). It is also a good idea to have an encrypted connection after the reverse proxy as well.
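The three options the thread has touched on so far, as an added example that is not part of this discussion or of the Keycloak project: the insecure workaround (disabling the master realm's HTTPS requirement with the stock kcadm.sh CLI), the direct HTTPS listener on 8443, and the reverse-proxy setup with PROXY_ADDRESS_FORWARDING=true. The image name, admin credentials, hostname, certificate paths and the host-side nginx are assumptions for the demo; the `proxy_cmd_is_safe` check is a hypothetical helper that refuses a proxied deployment which forgets the forwarding flag or exposes port 8080 on every interface.

```shell
#!/bin/sh
# Added example (not from the original thread or the Keycloak project):
# three ways to get past "HTTPS required" on the legacy jboss/keycloak image.
# Assumptions (not in the thread): image jboss/keycloak, admin user "admin",
# a host-side nginx doing TLS termination, cert/key paths under /etc/nginx/tls.
set -eu

IMAGE="jboss/keycloak"            # assumption: WildFly-based image used by the old docs
ADMIN_USER="admin"                # assumption
ADMIN_PASS="change-me"            # assumption: demo-only password
PUBLIC_HOST="sso.example.test"    # assumption: hostname the proxy serves

# 1) Insecure workaround (what the thread warns against): turn off the master
#    realm's sslRequired so plain HTTP from non-loopback addresses is accepted.
#    Uses the kcadm.sh CLI shipped inside the image. Demo only: credentials
#    and admin session cookies then travel in clear text.
disable_https_requirement_insecure() {
  cat <<EOF
docker exec keycloak /opt/jboss/keycloak/bin/kcadm.sh config credentials \\
  --server http://localhost:8080/auth --realm master \\
  --user ${ADMIN_USER} --password ${ADMIN_PASS}
docker exec keycloak /opt/jboss/keycloak/bin/kcadm.sh update realms/master -s sslRequired=NONE
EOF
}

# 2) Preferred for a local demo: keep the default (sslRequired=external) and
#    use the image's built-in HTTPS listener on 8443 (self-signed cert).
keycloak_docker_cmd_direct_https() {
  printf 'docker run -d --name keycloak -p 8443:8443 -e KEYCLOAK_USER=%s -e KEYCLOAK_PASSWORD=%s %s\n' \
    "$ADMIN_USER" "$ADMIN_PASS" "$IMAGE"
}

# 3) Behind a TLS-offloading reverse proxy: Keycloak must know it is proxied
#    (PROXY_ADDRESS_FORWARDING=true makes it honour X-Forwarded-* headers), and
#    the HTTP port is bound to loopback only so nothing but the proxy reaches it.
keycloak_docker_cmd_behind_proxy() {
  printf 'docker run -d --name keycloak -p 127.0.0.1:8080:8080 -e PROXY_ADDRESS_FORWARDING=true -e KEYCLOAK_USER=%s -e KEYCLOAK_PASSWORD=%s %s\n' \
    "$ADMIN_USER" "$ADMIN_PASS" "$IMAGE"
}

# nginx server block for case 3. X-Forwarded-Proto is what lets Keycloak treat
# the request as secure and build https:// redirect URLs; without it (or
# without PROXY_ADDRESS_FORWARDING) you land back on "HTTPS required".
nginx_proxy_conf() {
  cat <<EOF
server {
    listen 443 ssl;
    server_name ${PUBLIC_HOST};
    ssl_certificate     /etc/nginx/tls/${PUBLIC_HOST}.crt;   # assumption
    ssl_certificate_key /etc/nginx/tls/${PUBLIC_HOST}.key;   # assumption

    location / {
        proxy_pass         http://127.0.0.1:8080;
        proxy_set_header   Host              \$host;
        proxy_set_header   X-Real-IP         \$remote_addr;
        proxy_set_header   X-Forwarded-For   \$proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto \$scheme;
    }
}
# Redirect plain HTTP to HTTPS so no credential ever travels in clear.
server {
    listen 80;
    server_name ${PUBLIC_HOST};
    return 301 https://\$host\$request_uri;
}
EOF
}

# Hypothetical sanity check for a generated docker command: a proxied
# deployment must set PROXY_ADDRESS_FORWARDING and must not publish 8080 on
# all interfaces (that would bypass the proxy and its TLS entirely).
proxy_cmd_is_safe() {
  cmd=$1
  printf '%s' "$cmd" | grep -q 'PROXY_ADDRESS_FORWARDING=true' || return 1
  if printf '%s' "$cmd" | grep -q -E -- '-p (0\.0\.0\.0:)?8080:8080'; then
    return 1
  fi
  return 0
}

# Only start containers when explicitly asked (KC_DEMO_RUN=1); by default the
# script just defines the helpers above.
if [ "${KC_DEMO_RUN:-0}" = 1 ]; then
  keycloak_docker_cmd_behind_proxy | sh
  nginx_proxy_conf > /etc/nginx/conf.d/keycloak.conf
  nginx -s reload
fi
```

Option 3 keeps the admin console reachable only as https://sso.example.test/ through the proxy; to also encrypt the proxy-to-Keycloak hop, point `proxy_pass` at https://127.0.0.1:8443 and publish 8443 on loopback instead of 8080 (nginx does not verify the upstream certificate unless `proxy_ssl_verify on` and a trust store are configured, so the self-signed default cert will be accepted as-is).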
That’s great thanks a lot! I didn’t expect to get that much helpful resources! That will save me a lot of time for sure.
Regarding HTTPS encryption behind a reverse proxy, I do agree it’s a good practice: you can still have man-in-the-middle attacks from your internal network, but IMHO it’s not a must-have, rather a should-have. Well… of course it depends on the services you’re trying to secure… but since we’re dealing with authentication flows here, I guess you’re right, it’s a must-have.
Thanks for the advice and guidance
Well, when you are going to run your environment in AWS, you should at least know Werner Vogels’ keynote from 2017 about encryption, which I also mention in my video here: https://youtu.be/yq1hzNs1JQU?t=63
Dance like no one is watching, encrypt like everyone is!