Spring OAuth redirect_uri not using https

Question

I have a Spring Boot 1.3.0 application with Spring Security OAuth included as a sort of SSO integration.

The problem is that the application is running in a non-SSL

Answer 1

You may need to ensure that your application understands x-forwarded headers from your load balancer.

Putting this in my application.yml fixed my very similar problem with an application behind an AWS ELB:

server:
  tomcat:
    remote-ip-header: x-forwarded-for
    protocol-header: x-forwarded-proto

Edit: This can be simplified with the more generic configuration:

server:
  use-forward-headers: true

For Apache Tomcat use RemoteIpValve in server.xml (above AccessLogValve):

See also: https://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/valves/RemoteIpValve.html.