Missing "Secure;" flag in the Keycloak's Response header


Balaji C V

Jul 22, 2021, 5:11:11 AM
to Keycloak User
Hi,

We are using Keycloak 12.0.4 with Node.js as middleware and PostgreSQL as the database, and noticed that when we hit the Node.js application URL, the cookie is not secured even when the SSL required option of the Realm login is set to "all requests". Please let us know how we can secure the cookie.


Sample keycloak.json:
---------------------
{
  "realm": "test_realm",
  "auth-server-url": "https://test.application.com/auth/",
  "ssl-required": "all",
  "resource": "Test",
  "public-client": true,
  "verify-token-audience": true,
  "use-resource-role-mappings": true,
  "confidential-port": 0
}

Thanks in advance.
kc_secure_missing.png
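
Added example, not part of the original post: a small Node.js check that reports which Set-Cookie response headers lack the Secure attribute, which helps pin down whether the unsecured cookie is set by the Node.js application or by Keycloak. The function names and the sample header values are constructed for illustration.

```javascript
// Added example: flag Set-Cookie headers that lack the Secure attribute.

// Split one Set-Cookie value into its name and a map of lowercased attributes.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || "";
  const eq = first.indexOf("=");
  const name = eq === -1 ? "" : first.slice(0, eq).trim();
  const attrs = new Map();
  for (const p of parts) {
    const i = p.indexOf("=");
    const key = (i === -1 ? p : p.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? "" : p.slice(i + 1).trim());
  }
  return { name, attrs };
}

// Return Secure-related findings for one header value.
function auditCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.has("secure")) {
    findings.push("missing Secure");
    // Browsers that enforce these rules drop such cookies when Secure is absent.
    if ((attrs.get("samesite") || "").toLowerCase() === "none")
      findings.push("SameSite=None without Secure");
    if (/^__(Secure|Host)-/.test(name))
      findings.push("__Secure-/__Host- prefix without Secure");
  }
  return { name, findings };
}

// Keep only the cookies that have at least one finding.
function auditHeaders(headers) {
  return headers.map(auditCookie).filter((r) => r.findings.length > 0);
}

// Constructed sample values (not taken from the post or its screenshot).
const SAMPLE_HEADERS = [
  "session_id=abc123; Path=/; HttpOnly",
  "prefs=mode=secure; Path=/; Expires=Wed, 21 Jul 2021 07:28:00 GMT",
  "token=xyz; Path=/; SECURE; HttpOnly; SameSite=None",
  "tracker=1; Path=/; SameSite=None",
  "__Host-id=9; Path=/",
];

for (const r of auditHeaders(SAMPLE_HEADERS))
  console.log(`${r.name}: ${r.findings.join(", ")}`);
```

The `prefs` sample shows why the check parses attributes instead of searching the header for the word "secure": the word appears in the cookie value, but the attribute is still absent.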