I am using Keycloak (version 1.0.4.Final) in JBOSS AS 7.1.1 server. The server is on Amazon AWS.
I am able to start the jboss server with keycloak. i can see the keycloak default screen while hitting the URL - ServerIP:8080/auth
But when i am clicking on the Administration Consolelink to go to the login screen. I am getting a page saying - HTTPS required
The server is on AWS, changing to "ssl-required" : "none",in General Adapter Config has not helped.
How to resolve this issue?
Edit: I was not getting this issue in keycloak-1.2.0.Beta1 version.
19 Answers
I was running the key cloak inside a docker container, The keycloak command line tool was avaialble inside the keycloak container.
docker exec -it {contaierID} bash
cd keycloak/bin
./kcadm.sh config credentials --server --realm master --user admin
./kcadm.sh update realms/master -s sslRequired=NONEIf the admin user is not created, then the user can be created via this command.
./add-user-keycloak.sh --server --realm master --user admin --password adminPasswordUpdate:
For the newer versions the file in available in the following path: /opt/jboss/keycloak/bin
If you want to disable it for your realm and have no possibility to use UI, do it directly on the database:
update REALM set ssl_required='NONE' where id = 'master';Note - Restart keycloak for effect
8You can use the keycloak command line admin tool to change the setting as long as it can authenticate to a local IP address. You can temporarily launch Keycloak on localhost to make this change.
kcadm.sh config credentials --server --realm master --user admin
kcadm.sh update realms/realmname -s sslRequired=NONEObviously, make sure to replace realm names, username, port, etc as required.
For more information on getting started with the Admin CLI, see documentation: Server Administration: Admin CLI
2This is quite old and now on release versions (I am using Keycloak 1.9.3 demo / Developer bundle), however to save some poor soul some time....
Keycloak now defaults to HTTPS for all external IP addresses. Unfortunately, from what I can tell the Wildfly instance that comes with the demo bundle does NOT support HTTPS. Makes for a pretty insane default if you're installing Keycloak on a remote machine as there is effectively no way to access the Keycloak admin console out of the box.
At this point, you have two options; 1) Install HTTPS in Wildfly or 2) Tunnel via SSH into the remote machine and proxy your browser through it, go to the admin console and turn off the SSL requirement (Realm Settings -> Login -> Require SSL). This works because SSL is not required for local connections.
Remember to first create the admin user by going to $KEYCLOAK_HOME/keycloak/bin and running ./add-user-keycloak -r master -u <> -p <>. This add user script is not interactive like the Wildfly add user script is, you need to put it all on the command line.
Hope this helps!
2It's a bit late but I'm sure people will find this useful. If you are using docker to run keycloak, instead of forwarding port 8080, forward 8443 and it works like charm.
docker run -p 8443:8443 -e KEYCLOAK_USER=username -e KEYCLOAK_PASSWORD=password jboss/keycloak 4 I testing in docker keycloak: probe that: Realm Settings -> Login -> Require SSL and put in off. or docker exec YOUR_DOCKER_NAME /opt/jboss/keycloak/bin/jboss-cli.sh --connect \ "/subsystem=undertow/server=default-server/http-listener=default:read-resource"
If you are deploying keycloak on kubernetes you can try setting up following ENV VAR
spec: containers: - name: keycloak env: - name: PROXY_ADDRESS_FORWARDING value: "true" try to connect the keycloak database and update the table
update REALM set ssl_required='EXTERNAL' where name = 'master';then restart docker
docker compose restart Just a complete working docker-compose:
version: '3'
services: keycloak: image: jboss/keycloak:latest environment: - KEYCLOAK_USER=admin - KEYCLOAK_PASSWORD=admin - PROXY_ADDRESS_FORWARDING=true - DB_VENDOR=mysql - DB_ADDR=db - DB_PORT=3306 - DB_DATABASE=keycloak - DB_USER=keycloak - DB_PASSWORD=example ports: - "8181:8080" - "9990:9990" db: image: mysql:5 environment: MYSQL_ROOT_PASSWORD: example MYSQL_DATABASE: keycloak MYSQL_USER: keycloak MYSQL_PASSWORD: example volumes: - ../data-keycloak:/var/lib/mysql ports: - "3309:3306"and then, execute in db:
update REALM set ssl_required='NONE' where name = 'master';Of course, this is not for production unless you're using in a safe environment.