wildfly ssl fixes

integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java

@@ -242,7 +242,8 @@ public abstract class OAuthRequestAuthenticator {
     protected AuthChallenge resolveCode(String code) {
         // abort if not HTTPS
         if (deployment.isSslRequired() && !isRequestSecure()) {
-            log.error("SSL is required");
+
+            log.error("Adapter requires SSL. Request: " + facade.getRequest().getURI());
             return challenge(403);
         }
 

integration/undertow/src/main/java/org/keycloak/adapters/undertow/ServletKeycloakAuthMech.java

@@ -51,12 +51,22 @@ public class ServletKeycloakAuthMech implements AuthenticationMechanism {
     }
 
     protected ServletRequestAuthenticator createRequestAuthenticator(KeycloakDeployment deployment, HttpServerExchange exchange, SecurityContext securityContext, UndertowHttpFacade facade) {
-        int confidentialPort = 8443;
+
-        if (portManager != null) confidentialPort = portManager.getConfidentialPort(exchange);
+        int confidentialPort = getConfidentilPort(exchange);
         return new ServletRequestAuthenticator(facade, deployment,
                 confidentialPort, securityContext, exchange, userSessionManagement);
     }
 
+    protected int getConfidentilPort(HttpServerExchange exchange) {
+        int confidentialPort = 8443;
+        if (exchange.getRequestScheme().equalsIgnoreCase("HTTPS")) {
+            confidentialPort = exchange.getHostPort();
+        } else if (portManager != null) {
+            confidentialPort = portManager.getConfidentialPort(exchange);
+        }
+        return confidentialPort;
+    }
+
     @Override
     public ChallengeResult sendChallenge(HttpServerExchange exchange, SecurityContext securityContext) {
         AuthChallenge challenge = exchange.getAttachment(KEYCLOAK_CHALLENGE_ATTACHMENT_KEY);

integration/undertow/src/main/java/org/keycloak/adapters/undertow/UndertowHttpFacade.java

@@ -6,6 +6,7 @@ import io.undertow.server.handlers.CookieImpl;
 import io.undertow.util.AttachmentKey;
 import io.undertow.util.Headers;
 import io.undertow.util.HttpString;
+import org.jboss.logging.Logger;
 import org.keycloak.KeycloakSecurityContext;
 import org.keycloak.adapters.AuthChallenge;
 import org.keycloak.adapters.HttpFacade;
@@ -24,6 +25,7 @@ import java.util.Map;
  * @version $Revision: 1 $
  */
 public class UndertowHttpFacade implements HttpFacade {
+    private static final Logger log = Logger.getLogger(UndertowHttpFacade.class);
     public static final AttachmentKey<KeycloakSecurityContext> KEYCLOAK_SECURITY_CONTEXT_KEY = AttachmentKey.create(KeycloakSecurityContext.class);
 
     protected HttpServerExchange exchange;
@@ -41,7 +43,8 @@ public class UndertowHttpFacade implements HttpFacade {
 
         @Override
         public boolean isSecure() {
-            return exchange.getProtocol().toString().equalsIgnoreCase("https");
+            String protocol = exchange.getRequestScheme();
+            return protocol.equalsIgnoreCase("https");
         }
 
         @Override

integration/wildfly-adapter/src/main/java/org/keycloak/adapters/wildfly/WildflyAuthenticationMechanism.java

@@ -24,7 +24,8 @@ public class WildflyAuthenticationMechanism extends ServletKeycloakAuthMech {
 
     @Override
     protected ServletRequestAuthenticator createRequestAuthenticator(KeycloakDeployment deployment, HttpServerExchange exchange, SecurityContext securityContext, UndertowHttpFacade facade) {
+        int confidentialPort = getConfidentilPort(exchange);
         return new WildflyRequestAuthenticator(facade, deployment,
-                portManager.getConfidentialPort(exchange), securityContext, exchange, userSessionManagement);
+                confidentialPort, securityContext, exchange, userSessionManagement);
     }
 }