Redirect to https
robert-jboss Apr 10, 2018 6:01 AM
I'm running Keycloak 3.4.3, based on WildFly 11.0 I think, and I would like to redirect http calls to https.
I'm running in Domain mode with 2 server instances.
WildFly is currently available on both port 8080 for http, and port 8443 for https.
The http-listener in both the auth-server-clustered and load-balancer profile was already configured to have redirect-socket="https".
I've tried two ways to redirect the calls.
1) transport-guarantee set to CONFIDENTIAL in module keycloak-server-subsystem web.xml
2) rewrite rule for the load balancer
1)
After setting the transport-guarantee to CONFIDENTIAL I receive the following error in the server instance server.log
UT010053: No confidential port is available to redirect the current request.
https listeners are available for the server instances and load balancer, so I don't understand this error.
2)
I have added a filter-ref and rewrite in the load balancer profile.
Unfortunately it has no effect.
<subsystem xmlns="urn:jboss:domain:undertow:4.0">
    <buffer-cache name="default"/>
    <server name="default-server">
        <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
        <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
        <http-listener name="management" socket-binding="mcmp-management" enable-http2="true"/>
        <host name="default-host" alias="localhost">
            <filter-ref name="http-to-https" predicate="equals(%p,8080)"/>
            <filter-ref name="load-balancer"/>
        </host>
    </server>
    <servlet-container name="default"/>
    <filters>
        <rewrite name="http-to-https" target="https://%A:8443%U" redirect="true"/>
        <mod-cluster name="load-balancer" management-socket-binding="mcmp-management" advertise-socket-binding="modcluster" enable-http2="true" max-retries="3"/>
    </filters>
</subsystem>
*)
Because the above attempts didn't work I tried to just remove the http listeners for 8080.
I deleted them in the load balancer and auth-server-clustered profile and in the socket-binding-groups.
After I did this Keycloak/WildFly no longer starts.
"Services that may be the cause:" => ["jboss.remoting.remotingConnectorInfoService.http-remoting-connector"]