Keycloak 7.0.1: Login to Admin Console: open-id-connect uses http

VM10963 keycloak.js:716 Mixed Content: The page at ‘https://keycloak-some.domain/auth/admin/master/console/’ was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ‘http://keycloak-some.domain.capital/auth/realms/master/protocol/openid-connect/token’. This request has been blocked; the content must be served over HTTPS.

How can I configure the Master Realm to request the openid-connect token over HTTPS?

It looks like your Keycloak is behind reverse proxy:
https://www.keycloak.org/docs/latest/server_installation/#_setting-up-a-load-balancer-or-proxy

Yes behind an ALB.
For AWS ECS this did the trick: https://hub.docker.com/r/jboss/keycloak/
Adding PROXY_ADDRESS_FORWARDING=true did the trick

Hello, I’'m stuck with HTTP issue on Keycloak starting from 7.0.1 version, up to 10.0.2.
I’m running it in K8s, with the standard manifest but with additional env var for the DB connection.
Version 7.0.1 used to work fine for quite a bit on my K8S setup (RKE on a bunch of DigitalOcean droplets). Moving now to OCI, a new LB layer is in front of K8S, which poses no issues to all other workloads… except Keycloak! OCI LB do pass X- HTTP headers, and the env “PROXY_ADDRESS_FORWARDING=true” is in place.
What am I missing now?

By the way there’s this line in the code:

<script src="http://keycloak.my.domain/auth/js/keycloak.js?version=iyxuz" type="text/javascript"></script>

while all other are well-formed, as anyone should write his HTML:

<script src="/auth/resources/iyxuz/admin/keycloak/js/app.js" type="text/javascript"></script>
  • No mention to Server URL
  • No mention to Connection Scheme

I’m really worried now, as this bug seems to affect all 10 releases between 8.0.0 and 10.0.2…

1 Like

Has this issue been solved? We are getting the same issue with 11.0.3