Xandar
November 24, 2021, 9:24am
1
I have a Javascript app which is integrated with Keycloak. I uploaded the keycloak to the web server using nginx. Now when I use https to access my app it shows me a screen after login by saying i.e. The information you want to send is not secure This form is sent over a connection that is not completely secure. As a result, your information may be visible to others.
and then after clicking on
Proceed I am directed to the homepage.
Here is my javascript code:
<script src="https://weblink.com/auth/js/keycloak.js"></script>
<script>
var keycloak;
function initKeycloak() {
keycloak = Keycloak({
realm: 'realmName',
url: 'https://weblink.com/auth/',
sslRequired: 'external',
clientId: 'clientName',
publicClient: 'public',
confidentialPort: 0,
});
keycloak.init({onLoad: 'login-required'}).then(function (authenticated) {
console.log("Authenticated");
}).catch(function () {
alert('failed to initialize');
});
}
I don’t know what’s the problem here.
Are you using a self-signed certificate on that domain?
Xandar
November 24, 2021, 10:03am
3
Yes the domain is using Self Signed Certificate
Then this warning is expected until you add an exception in the browser…
Xandar
November 24, 2021, 12:46pm
5
How will I add the exception?
Isn’t there any other way to stop this exception?
That depends on the browser, normally there is a an ‘advanced option’ link somewhere. If not check the browser docs.
For a production system you should always use official certifcates, never self-signed ones.
I have run keycloak with HTTPS, this steps can help you:
1- I setup HTTPS using certificate https://certbot.eff.org/
2- I use keycloak image docker:
docker run -d --name keycloak_15.0.2 -e KEYCLOAK_USER=kc-admin \
-e KEYCLOAK_PASSWORD=1234Pass \
-e PROXY_ADDRESS_FORWARDING=true -p 9090:8080 jboss/keycloak:15.0.2
3-My nginx configuration:
location /auth/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:9090;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
client_max_body_size 16m;
}