Invalid redirect uri for "Valid Redirect URIs with https://*"

Hi I have set up the keycloak docker containers behind the aws loadbalancer with ACM SSL certificates. I have created a SAML Client for Zabbix SSO integration.
I am getting “Invalid redirect uri” on the keycloak sso page while adding “https://" on the “Valid Redirect URIs” field. "http://” is working fine. Using aws RDS Mariadb as database.
I have enabled “Require SSL” for “all request” on the Realm setting.
I have followed with JDBC_PING and

What is the full URL of that ‘keycloak sso page’. There is requested redirect url parameter and that one can be really http, so it may work as expected.

I am following
“keycloak sso page” is

I can’t decode SAML request (probably encrypted), but see RelayState:

So I guess also SAML request requests redirect to http and not https - it is working as expected - not a Keycloak issue.

Blind guess: you are using reverse proxy with ssl offloading and you didn’t forwarded info that https must be used to the backend.

Problem seems to be in your infrastructure setup and not in the Keycloak. Maybe Zabbix frontend doesn’t support your setup (ssl offloading with SAML).

Thanks for the quick replay, let me check ssl offloading option

I have allowed http traffic on loadbalancer and now it works on http but on the ‘zabbix’ side “Username attribute” value causing issues, I am getting following error on zabbix due to this value

“The parameter “username” is missing from the user attributes.”

We may need “saml_username_attribute” value here. I tried all the values given on the doc
From keycloak database:-
MariaDB [keycloak]> select * from USER_ATTRIBUTE \G;
*************************** 1. row ***************************
NAME: saml_username_attribute
VALUE: username
USER_ID: 5e913cc5-ab5c-4d73-97ab-6b85d03330ec
ID: 08152161-e0a9-4edf-9468-1f024c500eea
1 row in set (0.001 sec)

Thanks in advance

You should go to the client configuration and need to add an url pattern where you will be redirected after the authentication. You can check the url in the browser and there is a redirect_url= , so that should be added to your client configuration