1 Reply Latest reply on Apr 18, 2018 8:36 AM by Robert Van Loenhout

    Redirect to https

    Robert Van Loenhout Newbie

      I'm running Keycloak 3.4.3, based on WildFly 11.0 I think, and I would like to redirect http calls to https.

      I'm running in Domain mode with 2 server instances.

      WildFly is currently available on both port 8080 for http, and port 8443 for https.

      The http-listener in both the auth-server-clustered and load-balancer profile was already configured to have redirect-socket="https".


      I've tried two ways to redirect the calls.

      1) transport-guarantee set to CONFIDENTIAL in module keycloak-server-subsystem web.xml

      2) rewrite rule for the load balancer



      After setting the transport-guarantee to CONFIDENTIAL I receive the following error in the server instance server.log:

      UT010053: No confidential port is available to redirect the current request.


      https listeners are available for the server instances and load balancer, so I don't understand this error.



      I have added a filter-ref and rewrite in the load balancer profile.

      Unfortunately it has no effect.


                  <subsystem xmlns="urn:jboss:domain:undertow:4.0">
                      <buffer-cache name="default"/>
                      <server name="default-server">
                          <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
                          <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
                          <http-listener name="management" socket-binding="mcmp-management" enable-http2="true"/>
                          <host name="default-host" alias="localhost">
                              <filter-ref name="http-to-https" predicate="equals(%p,8080)"/>
                              <filter-ref name="load-balancer"/>
                          </host>
                      </server>
                      <servlet-container name="default"/>
                      <filters>
                          <rewrite name="http-to-https" target="https://%A:8443%U" redirect="true"/>
                          <mod-cluster name="load-balancer" management-socket-binding="mcmp-management" advertise-socket-binding="modcluster" enable-http2="true" max-retries="3"/>
                      </filters>
                  </subsystem>

      Because the above attempts didn't work I tried to just remove the http listeners for 8080.

      I deleted them in the load balancer and auth-server-clustered profile and in the socket-binding-groups.

      After I did this Keycloak/WildFly no longer starts.

      "Services that may be the cause:" => ["jboss.remoting.remotingConnectorInfoService.http-remoting-connector"]
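
A consistency check for the load-balancer configuration in the post above, as an added example that is not part of the original post: it parses the Undertow subsystem XML and reports http-listeners with no redirect-socket, redirect-socket values that no https-listener binds, and filter-ref names with no matching filter definition. The names `audit_undertow` and `local`, the finding labels, and the embedded sample (the post's configuration, trimmed and with its enclosing elements closed) are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's load-balancer subsystem, trimmed, with its
# enclosing elements closed so that it parses.
SAMPLE = """<subsystem xmlns="urn:jboss:domain:undertow:4.0">
  <server name="default-server">
    <http-listener name="default" socket-binding="http" redirect-socket="https"/>
    <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm"/>
    <http-listener name="management" socket-binding="mcmp-management"/>
    <host name="default-host" alias="localhost">
      <filter-ref name="http-to-https" predicate="equals(%p,8080)"/>
      <filter-ref name="load-balancer"/>
    </host>
  </server>
  <filters>
    <rewrite name="http-to-https" target="https://%A:8443%U" redirect="true"/>
    <mod-cluster name="load-balancer" management-socket-binding="mcmp-management"/>
  </filters>
</subsystem>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def audit_undertow(xml_text):
    """Return (finding, name) tuples; labels are hypothetical, for illustration."""
    root = ET.fromstring(xml_text)
    filters, https_bindings, http_listeners, refs = set(), set(), [], []
    for el in root.iter():
        kind = local(el.tag)
        if kind == "filters":
            filters.update(child.get("name") for child in el)
        elif kind == "https-listener":
            https_bindings.add(el.get("socket-binding"))
        elif kind == "http-listener":
            http_listeners.append(el)
        elif kind == "filter-ref":
            refs.append(el.get("name"))
    findings = []
    for listener in http_listeners:
        target = listener.get("redirect-socket")
        if target is None:  # plain-HTTP listener with nowhere to redirect to
            findings.append(("no-redirect-socket", listener.get("name")))
        elif target not in https_bindings:  # names a binding no https-listener uses
            findings.append(("redirect-without-https-listener", listener.get("name")))
    findings += [("undefined-filter-ref", r) for r in refs if r not in filters]
    return findings


if __name__ == "__main__":
    print(audit_undertow(SAMPLE))
```

On the sample, the only finding is the `management` listener, which has no redirect-socket; the `default` listener's redirect-socket and both filter-ref names resolve.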