blocks|key|2613252|text|我用以下步骤解决了这个问题和类似的问题：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|2613253|(1)前端侧：|offset|length|style|BOLD|2613254|您知道，www.helpful.army是一个教育项目，它的接口运行在React上，它位于NGINX服务器中。因此，我在默认的NGINX服务器配置中添加了强制标题：|2613255|location+/+{
++++++++try_files+$uri+/index.html;
++++++++proxy_set_header+X-Forwarded-Proto+$scheme;
++++++++**add_header+Access-Control-Allow-Origin+*;**

++++}|code-block|syntax|javascript|2613256|(2)后端：|2613257|我已经为Spring后端创建了一个不同的客户端在Keycloak上，并将其设置为一个“只支持”的客户机。|2613258|keycloak:
+auth-server-url:+https://sso-ssoha.b9ad.pro-us-east-1.openshiftapps.com/auth
+realm:+master
+resource:+serviceha
+bearer-only:+true
+ssl-required:+"external"
+confidential-port:+0
+verify-token-audience:+true|2613259|我还为application.yml添加了以下配置：|2613260|+server:
++++port:+8443
++++remote_ip_header:+x-forwarded-for
++++protocol_header:+x-forwarded-proto
++++use-forward-headers:+true|2613261|(3)我将所有端口从接口改为后端为8443|2613262|entityMap|0|LINK|mutability|MUTABLE|url|https://www.helpful.army/^0|0|0|7|0|4|G|0|0|0|0|6|0|0|0|0|0|0|L|0^^$0|@$1|2|3|4|5|6|7|18|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|19|8|@$D|1A|E|1B|F|G]]|9|@]|A|$]]|$1|H|3|I|5|6|7|1C|8|@]|9|@$D|1D|E|1E|1|1F]]|A|$]]|$1|J|3|K|5|L|7|1G|8|@]|9|@]|A|$M|N]]|$1|O|3|P|5|6|7|1H|8|@$D|1I|E|1J|F|G]]|9|@]|A|$]]|$1|Q|3|R|5|6|7|1K|8|@]|9|@]|A|$]]|$1|S|3|T|5|L|7|1L|8|@]|9|@]|A|$M|N]]|$1|U|3|V|5|6|7|1M|8|@]|9|@]|A|$]]|$1|W|3|X|5|L|7|1N|8|@]|9|@]|A|$M|N]]|$1|Y|3|Z|5|6|7|1O|8|@$D|1P|E|1Q|F|G]]|9|@]|A|$]]|$1|10|3|-4|5|6|7|1R|8|@]|9|@]|A|$]]]|11|$12|$5|13|14|15|A|$16|17]]]]

I have solved this problem and similar ones with these steps:
(1) Frontend side:
You know, <a href="https://www.helpful.army" rel="nofollow noreferrer">www.helpful.army</a> is an educational project which has an interface running on React and it is in NGINX server.
So, I appended the default NGINX server config with mandatory headers:
<pre><code>location / {
 try_files $uri /index.html;
 proxy_set_header X-Forwarded-Proto $scheme;
 **add_header Access-Control-Allow-Origin *;**

 }
</code></pre>
(2) Backend side:
I have created a different client on Keycloak just for the Spring-Boot backend and set is as a &quot;Bearer-only&quot; one.
<pre><code>keycloak:
 auth-server-url: https://sso-ssoha.b9ad.pro-us-east-1.openshiftapps.com/auth
 realm: master
 resource: serviceha
 bearer-only: true
 ssl-required: &quot;external&quot;
 confidential-port: 0
 verify-token-audience: true
</code></pre>
I also add this configuration for application.yml:
<pre><code> server:
 port: 8443
 remote_ip_header: x-forwarded-for
 protocol_header: x-forwarded-proto
 use-forward-headers: true
</code></pre>
(3) I have changed all ports from interface to backend as 8443

blocks|key|2613293|text|似乎我们需要让密钥披风web服务器知道我们使用的是代理，https://serverfault.com/questions/1000567/keycloak-blank-page-behind-nginx-reverse-proxy，在设置了PROXY_ADDRESS_FORWARDING变量之后，它就可以工作了。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|2613294|entityMap|0|LINK|mutability|MUTABLE|url|https://serverfault.com/questions/1000567/keycloak-blank-page-behind-nginx-reverse-proxy^0|S|2G|0|0^^$0|@$1|2|3|4|5|6|7|L|8|@]|9|@$A|M|B|N|1|O]]|C|$]]|$1|D|3|-4|5|6|7|P|8|@]|9|@]|C|$]]]|E|$F|$5|G|H|I|C|$J|K]]]]

it seems that we need let keycloak web server aware of we are using proxy, <a href="https://serverfault.com/questions/1000567/keycloak-blank-page-behind-nginx-reverse-proxy">https://serverfault.com/questions/1000567/keycloak-blank-page-behind-nginx-reverse-proxy</a>, after set PROXY_ADDRESS_FORWARDING variable, it works.

blocks|key|1118085|text|当我迁移到密钥披风X时，我也遇到了同样的问题。从密钥披风17开始，PROXY_ADDRESS_FORWARDING.没有设置。对于我来说，设置proxy=passthrough+helped.Check+https://www.keycloak.org/server/all-config以获得更多细节。|type|unstyled|depth|inlineStyleRanges|offset|length|style|BOLD|entityRanges|data|1118086|entityMap|0|LINK|mutability|MUTABLE|url|https://www.keycloak.org/server/all-config^0|X|O|1Z|H|2U|16|0|0^^$0|@$1|2|3|4|5|6|7|N|8|@$9|O|A|P|B|C]|$9|Q|A|R|B|C]]|D|@$9|S|A|T|1|U]]|E|$]]|$1|F|3|-4|5|6|7|V|8|@]|D|@]|E|$]]]|G|$H|$5|I|J|K|E|$L|M]]]]

I had the same problem when I migrated to Keycloak X. Starting from Keycloak 17, there is no setting for PROXY_ADDRESS_FORWARDING.
For me setting the proxy=passthrough helped.Check <a href="https://www.keycloak.org/server/all-config" rel="nofollow noreferrer">https://www.keycloak.org/server/all-config</a> for more details.

blocks|key|428421|text|在较新版本的keycloak中，您可以使用值proxy配置passthrough设置。对于docker，您希望通过环境变量KC_PROXY=passthrough+(keycloack配置文档)传递设置。|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|428422|entityMap|0|LINK|mutability|MUTABLE|url|https://www.keycloak.org/server/configuration#_configuration_commands_and_stages^0|M|5|T|B|1P|K|2B|D|0|0^^$0|@$1|2|3|4|5|6|7|N|8|@$9|O|A|P|B|C]|$9|Q|A|R|B|C]|$9|S|A|T|B|C]]|D|@$9|U|A|V|1|W]]|E|$]]|$1|F|3|-4|5|6|7|X|8|@]|D|@]|E|$]]]|G|$H|$5|I|J|K|E|$L|M]]]]

In newer version of keycloak you can configure the <code>proxy</code> setting with the value <code>passthrough</code>. In the case of docker, you want to pass the setting via the environement variable <code>KC_PROXY=passthrough</code> (<a href="https://www.keycloak.org/server/configuration#_configuration_commands_and_stages" rel="nofollow noreferrer">keycloack config docs</a>).

INFORMATION NEEDED:

I use Keycloak (Docker version) behind a Spring project.

(The client side of this project is React and communication between client and backend is provided by REST services.)

The client side is secured and using "https" scheme.

It is my Spring configuration:

<pre><code> keycloak:
 auth-server-url: https://sso-ssoha.b9ad.pro-us-east-1.openshiftapps.com/auth
 realm: master
 resource: clientname
 public-client: true
</code></pre>

THE ROOT OF THE PROBLEM:

When I click a link from client, it calls a Spring service normally.
But before that, it redirects to default login page of Keycloak with adding this path sso/login to the current "https" url but changing scheme to "http".

But, redirecting from https to http create a problem like this:

<pre><code>Mixed Content: The page at 'https://www.helpful.army/contents/Problem' was loaded over HTTPS, but requested an insecure resource 'http://serviceha-helpfularmy.b9ad.pro-us-east-1.openshiftapps.com/sso/login'. This request has been blocked; the content must be served over HTTPS.
</code></pre>

Mixed Content error because of Keycloak default login redirection

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

学习中心

腾讯云实验室

直播

竞赛

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋 

腾讯云代码助手

CODING DevOps

Cloud Studio

SDK中心

API中心

命令行工具

需要信息：我在Spring项目后面使用Keycloak (Docker版本)。(该项目的客户端是React，客户端和后端之间的通信由REST服务提供。)客户端是安全的，并使用"https“方案。这是我的Spring配置：  keycloak:     auth-server-url: https://sso-ssoha...

问由于Keycloak默认登录重定向而导致的混合内容错误
EN

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问由于Keycloak默认登录重定向而导致的混合内容错误EN