You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.

This page describes what needs to be configured so that Keycloak can be used in combination with HTTPS.

It is assumed that:

  • Blueriq version 15.4 or later is used (earlier versions do not support HTTPS with Keycloak)
  • HTTPS for the Studio is already configured and working in IIS
  • The Studio is configured to use the OIDC authentication mode
  • All internal requests between IIS and Keycloak will be plain HTTP

IIS Configuration

The main goal of this section is to add the following HTTP headers to the requests that are forwarded to Keycloak:

  • X-Forwarded-For
  • X-Forwarded-Host
  • X-Forwarded-Proto

Keycloak requires these headers to function correctly behind an HTTPS proxy.

Server

Server > Application Request Routing Cache > Server Proxy Settings:

  • Check "Enable Proxy"
  • Check "Reverse rewrite host in response headers"
  • Set "Preserve client IP in the following header:" to X-Forwarded-For
  • Check "Include TCP port from client IP"

Blueriq site

URL Rewrite > View Server Variables

  • Add HTTP_X_Forwarded_Host
  • Add HTTP_X_Forwarded_Proto

URL Rewrite > ReverseProxy_Keycloak > Server variables

  • Add HTTP_X_Forwarded_Host = {HTTP_HOST}
  • Add HTTP_X_Forwarded_Proto = https

Identity folder > URL Rewrite > Identity_Keycloak > Server variables

  • Add HTTP_X_Forwarded_Host = {HTTP_HOST}
  • Add HTTP_X_Forwarded_Proto = https

Keycloak Configuration

In this section we configure Keycloak so that it is aware that it is being hosted behind an HTTPS domain, for example so that any URLs it returns in responses contain the correct protocol, hostname and port. After this configuration, Keycloak will only be available via the configured hostname and port, and not via the internal port.

First, from the Services control panel, stop the Blueriq Keycloak Service.

Update configuration

Edit [INSTALL_FOLDER]\tools\Keycloak\conf\keycloak.conf :

Remove property

  • hostname

Add properties

  • hostname=[HOSTNAME]
  • hostname-port=[PORT]
  • hostname-admin=[HOSTNAME]

In the [INSTALL_FOLDER]\tools\Keycloak\bin folder:

  • From the command line, run kc build

From the Services control panel, start the Blueriq Keycloak Service.
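
A check to run after the restart, as an added example (not part of the Blueriq documentation or Keycloak's own tooling): it inspects a realm's OpenID Connect discovery document and reports every endpoint URL that does not use https with the configured [HOSTNAME] and [PORT]. The hostname blueriq.example.com, port 443, realm name "example" and the internal address localhost:8080 are constructed sample values.

```python
import json
from urllib.parse import urlsplit

# Discovery fields (OpenID Connect Discovery) that hold absolute URLs.
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint",
              "jwks_uri", "userinfo_endpoint", "end_session_endpoint")
DEFAULT_PORTS = {"https": 443, "http": 80}


def check_metadata(metadata, hostname, port):
    """Return a list of problems; an empty list means every URL in the
    document uses https and the expected public hostname and port."""
    problems = []
    for field in URL_FIELDS:
        value = metadata.get(field)
        if not value:
            problems.append(f"{field}: missing")
            continue
        url = urlsplit(value)
        # A URL without an explicit port uses its scheme's default.
        actual_port = url.port or DEFAULT_PORTS.get(url.scheme)
        if url.scheme != "https":
            problems.append(f"{field}: scheme {url.scheme!r}, expected 'https'")
        if (url.hostname or "").lower() != hostname.lower():
            problems.append(f"{field}: host {url.hostname!r}, expected {hostname!r}")
        if actual_port != port:
            problems.append(f"{field}: port {actual_port}, expected {port}")
    return problems


def sample(base):
    """Constructed discovery document; 'example' is a made-up realm name."""
    realm = f"{base}/realms/example"
    oidc = f"{realm}/protocol/openid-connect"
    return {"issuer": realm, "authorization_endpoint": f"{oidc}/auth",
            "token_endpoint": f"{oidc}/token", "jwks_uri": f"{oidc}/certs",
            "userinfo_endpoint": f"{oidc}/userinfo",
            "end_session_endpoint": f"{oidc}/logout"}


if __name__ == "__main__":
    # Constructed values standing in for [HOSTNAME] and [PORT].
    good = sample("https://blueriq.example.com")
    bad = sample("http://localhost:8080")  # internal address leaking out
    for name, doc in (("good", good), ("bad", bad)):
        problems = check_metadata(doc, "blueriq.example.com", 443)
        print(name, "OK" if not problems else json.dumps(problems, indent=2))
```

To check a live installation, fetch the realm's .well-known/openid-configuration document through the public HTTPS address and pass the parsed JSON to check_metadata.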