Keycloak OpenID http redirect_uri but redirected in https

Gamma December 3, 2021, 12:12pm 1

Hello,

We are trying to configure an openID client with a http shemes redirect_uri but keycloak redirects us in https.

In client’s config :

The client’s request :
https://XXXXXX/auth/realms/XXXXX/protocol/openid-connect/auth?client_id=XXX&state=XXXX&response_type=code&redirect_uri=http://localhost

All seems working (no “invalid redirect uri” message) exept that keycloak redirects browser in https scheme on https://localhost

Is there a way to enable an http redirect_uri ?

Thank you

Gamma December 3, 2021, 12:59pm 2

Okay so after many hours spent on troubleshooting, i found it related to this parameter in nginx reverse proxy :
proxy_redirect http:// https://

That change the Location header scheme to https.

jangaraj December 3, 2021, 11:26pm 3

So you have wrong TLS offloading. Your nginx doesn’t forward correct headers or Keycloak is not configured properly for that.

https://www.keycloak.org/docs/latest/server_installation/#_setting-up-a-load-balancer-or-proxy

Topic		Replies	Views	Activity
Terminal OIDC Client, Keycloak and http redirects Getting advice oidc	7	4536	October 13, 2019
Keycloak-protected webapp behind loadbalancer - wrong redirect_uri by Keycloak Securing applications	0	927	February 5, 2021
Keycloak redirect_uri issue Securing applications authentication	4	5477	January 14, 2022
Keycloak v.15.0.0 + React \| Invalid parameter : redirect uri Configuring the server	2	1537	August 19, 2021
Keycloak 16.1.1 ALB+EC2 Invalid redirect uri for “Valid Redirect URIs with https://*” Configuring the server oidc	1	709	February 28, 2022