Univention Bugzilla – Bug 56304
Keycloak and HSTS settings
Last modified: 2023-07-11 10:55:38 CEST
Keycloak by default sends "Strict-Transport-Security: max-age=31536000; includeSubDomains".

curl https://ucs-sso-ng.$(hostname -d)/ -i

In UCS, HSTS is configured via the UCR variables "apache2/hsts", "apache2/hsts/.*". This is disabled by default.

UCS uses self-signed certificates. When browsing once to https://ucs-sso-ng.$domainname/, every access to http:// or https:// of the system is prevented until you import the root CA certificate into the browser.