Configure TLS for keycloak on openshift
I want to configure SSL on keycloak deployment on openshift. I am using jboss/keycloak image for keycloak deployment which used latest keycloak version 4.6.final. But I read it somewhere that keycloak doesn't accept default TLS certificates available on openshift.
My purpose is to run the keycloak application on https on openshift. It works fine on http, but when I create the route with TLS enabled, it fails to run. I think I am missing some parameter somewhere in the deployment config.
ssl ssl-certificate openshift keycloak keycloak-services
asked Nov 26 '18 at 6:19
Ayush OjhaAyush Ojha
59111
add a comment |
I want to configure SSL on keycloak deployment on openshift. I am using jboss/keycloak image for keycloak deployment which used latest keycloak version 4.6.final. But I read it somewhere that keycloak doesn't accept default TLS certificates available on openshift.
My purpose is to run the keycloak application on https on openshift. It works fine on http, but when I create the route with TLS enabled, it fails to run. I think I am missing some parameter somewhere in the deployment config.
ssl ssl-certificate openshift keycloak keycloak-services
asked Nov 26 '18 at 6:19
Ayush OjhaAyush Ojha
59111
1
I have run KeyCloak behind a secure route with edge termination (not re-encrypt or passthrough). I can't see anything odd about the configuration except maybe to ensure you have set the environment variablePROXY_ADDRESS_FORWARDINGtotrue. Can you clarify whether you are trying to use edge, re-encrypt or passthrough secure route.
– Graham Dumpleton
Nov 26 '18 at 8:21
I am using edge TLS termination.
– Ayush Ojha
Nov 26 '18 at 8:48
Oh seems like the environment variable was missing. It worked when I added PROXY_ADDRESS_FORWARDING to true. Thanks Graham
– Ayush Ojha
Nov 26 '18 at 8:52
add a comment |
I want to configure SSL on keycloak deployment on openshift. I am using jboss/keycloak image for keycloak deployment which used latest keycloak version 4.6.final. But I read it somewhere that keycloak doesn't accept default TLS certificates available on openshift.
My purpose is to run the keycloak application on https on openshift. It works fine on http, but when I create the route with TLS enabled, it fails to run. I think I am missing some parameter somewhere in the deployment config.
ssl ssl-certificate openshift keycloak keycloak-services
asked Nov 26 '18 at 6:19
Ayush OjhaAyush Ojha
59111
I want to configure SSL on keycloak deployment on openshift. I am using jboss/keycloak image for keycloak deployment which used latest keycloak version 4.6.final. But I read it somewhere that keycloak doesn't accept default TLS certificates available on openshift.
My purpose is to run the keycloak application on https on openshift. It works fine on http, but when I create the route with TLS enabled, it fails to run. I think I am missing some parameter somewhere in the deployment config.
ssl ssl-certificate openshift keycloak keycloak-services
ssl ssl-certificate openshift keycloak keycloak-services
asked Nov 26 '18 at 6:19
Ayush OjhaAyush Ojha
59111
asked Nov 26 '18 at 6:19
Ayush OjhaAyush Ojha
59111
asked Nov 26 '18 at 6:19
Ayush OjhaAyush Ojha
59111
asked Nov 26 '18 at 6:19
Ayush OjhaAyush Ojha
59111
asked Nov 26 '18 at 6:19
Ayush OjhaAyush Ojha
59111
59111
1
I have run KeyCloak behind a secure route with edge termination (not re-encrypt or passthrough). I can't see anything odd about the configuration except maybe to ensure you have set the environment variablePROXY_ADDRESS_FORWARDINGtotrue. Can you clarify whether you are trying to use edge, re-encrypt or passthrough secure route.
– Graham Dumpleton
Nov 26 '18 at 8:21
I am using edge TLS termination.
– Ayush Ojha
Nov 26 '18 at 8:48
Oh seems like the environment variable was missing. It worked when I added PROXY_ADDRESS_FORWARDING to true. Thanks Graham
– Ayush Ojha
Nov 26 '18 at 8:52
add a comment |
1
I have run KeyCloak behind a secure route with edge termination (not re-encrypt or passthrough). I can't see anything odd about the configuration except maybe to ensure you have set the environment variablePROXY_ADDRESS_FORWARDINGtotrue. Can you clarify whether you are trying to use edge, re-encrypt or passthrough secure route.
– Graham Dumpleton
Nov 26 '18 at 8:21
I am using edge TLS termination.
– Ayush Ojha
Nov 26 '18 at 8:48
Oh seems like the environment variable was missing. It worked when I added PROXY_ADDRESS_FORWARDING to true. Thanks Graham
– Ayush Ojha
Nov 26 '18 at 8:52
1
1
I have run KeyCloak behind a secure route with edge termination (not re-encrypt or passthrough). I can't see anything odd about the configuration except maybe to ensure you have set the environment variable
PROXY_ADDRESS_FORWARDING to true. Can you clarify whether you are trying to use edge, re-encrypt or passthrough secure route.– Graham Dumpleton
Nov 26 '18 at 8:21
I have run KeyCloak behind a secure route with edge termination (not re-encrypt or passthrough). I can't see anything odd about the configuration except maybe to ensure you have set the environment variable
PROXY_ADDRESS_FORWARDING to true. Can you clarify whether you are trying to use edge, re-encrypt or passthrough secure route.– Graham Dumpleton
Nov 26 '18 at 8:21
I am using edge TLS termination.
– Ayush Ojha
Nov 26 '18 at 8:48
I am using edge TLS termination.
– Ayush Ojha
Nov 26 '18 at 8:48
Oh seems like the environment variable was missing. It worked when I added PROXY_ADDRESS_FORWARDING to true. Thanks Graham
– Ayush Ojha
Nov 26 '18 at 8:52
Oh seems like the environment variable was missing. It worked when I added PROXY_ADDRESS_FORWARDING to true. Thanks Graham
– Ayush Ojha
Nov 26 '18 at 8:52
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53475665%2fconfigure-tls-for-keycloak-on-openshift%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53475665%2fconfigure-tls-for-keycloak-on-openshift%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
I have run KeyCloak behind a secure route with edge termination (not re-encrypt or passthrough). I can't see anything odd about the configuration except maybe to ensure you have set the environment variable
PROXY_ADDRESS_FORWARDINGtotrue. Can you clarify whether you are trying to use edge, re-encrypt or passthrough secure route.– Graham Dumpleton
Nov 26 '18 at 8:21
I am using edge TLS termination.
– Ayush Ojha
Nov 26 '18 at 8:48
Oh seems like the environment variable was missing. It worked when I added PROXY_ADDRESS_FORWARDING to true. Thanks Graham
– Ayush Ojha
Nov 26 '18 at 8:52