keycloak-angular wrong redirect


I am trying to set up Keycloak to protect my Angular SPA.

In Keycloak I have set up a realm and two clients (for frontend and backend).

I want all users of the app to be logged in, so I initialize Keycloak with onLoad: 'login-required'.

When I load the SPA at localhost:4200 it redirects to the Keycloak login page and I can log in (I see the session in the Keycloak admin console).

The problem:
After logging in, I am redirected to https://localhost:4200 instead of http://localhost:4200.

I don't set anything to https. Also, the valid redirect URL is set to http://localhost:4200

The only difference from all the tutorials I have compared my code to is that I use a remote Keycloak server to test (not a local Keycloak instance). The remote Keycloak instance is called via https.

{
  config: {
    url: 'https://auth.mydomain.com',
    realm: 'mydomain.com',
    clientId: 'frontend'
  },
  initOptions: {
    onLoad: 'login-required'
  }
}

I just tried with a local Keycloak instance and my configured redirect works here.

Is there a way to use the remote Keycloak instance without it changing my redirect path to https?

There is 1 best solution below

Found the problem.

In my case the reverse proxy (nginx) in front of the Keycloak server had the following configuration:

proxy_redirect          http:// https://;

With this line, nginx replaces all occurrences of 'http://' with 'https://'
"in the “Location” and “Refresh” header fields of a proxied server" [nginx docs]
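
The rewrite from the answer, modeled in JavaScript as an added example (not code from the question, the answer, or nginx itself). It treats a plain, non-regex `proxy_redirect` rule as a prefix swap on the `Location` header only; the scoped rule, the helper names, and the sample `Location` values are constructed assumptions.

```javascript
// Models nginx's non-regex `proxy_redirect <redirect> <replacement>;` on an
// upstream Location header: if the value starts with <redirect>, that prefix
// is swapped for <replacement>; otherwise the header is passed through.
function applyProxyRedirect(location, rule) {
  if (rule === null) return location; // models `proxy_redirect off;`
  return location.startsWith(rule.redirect)
    ? rule.replacement + location.slice(rule.redirect.length)
    : location;
}

// Rule from the answer: matches every absolute http:// URL, whatever the host.
const BROAD_RULE = { redirect: 'http://', replacement: 'https://' };

// Assumed alternative: only rewrite redirects that point back at the proxy's host.
const SCOPED_RULE = {
  redirect: 'http://auth.mydomain.com/',
  replacement: 'https://auth.mydomain.com/',
};

// Constructed Location values Keycloak might send through the proxy.
const SAMPLE_LOCATIONS = [
  'http://localhost:4200/#state=abc&code=xyz', // redirect back to the SPA
  'http://auth.mydomain.com/realms/mydomain.com/account/', // internal redirect
  'https://auth.mydomain.com/realms/mydomain.com/protocol/openid-connect/auth',
];

function compareRules(locations) {
  return locations.map((upstream) => ({
    upstream,
    broad: applyProxyRedirect(upstream, BROAD_RULE),
    scoped: applyProxyRedirect(upstream, SCOPED_RULE),
  }));
}

// Redirects the rule changed even though they target a host other than the
// proxy's own, i.e. client redirect URIs that no longer match what was registered.
function alteredClientRedirects(locations, rule, proxyHost) {
  return locations.filter((upstream) => {
    const rewritten = applyProxyRedirect(upstream, rule);
    return rewritten !== upstream && new URL(rewritten).host !== proxyHost;
  });
}

for (const row of compareRules(SAMPLE_LOCATIONS)) console.log(row);
console.log('broad rule alters:',
  alteredClientRedirects(SAMPLE_LOCATIONS, BROAD_RULE, 'auth.mydomain.com'));
```

With the broad rule the SPA redirect comes back as `https://localhost:4200/...`, which is the behaviour described in the question; the scoped rule leaves it untouched while still upgrading the proxy's own `http://` redirects.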