SAML, Keycloak and HTTPS

Issue Summary

I have a keycloak server running at and a redash server at The services sit behind an nginx reverse proxy, which handles all the ssl.

Previously I’ve set up a dev server with SAML authentication between the two services without https and could successfully log in (Following these extremely useful steps: [saml] Signature missing for assertion · Issue #2977 · getredash/redash · GitHub).

Now for my production server I need to enforce https. When I go to login the auth request made by redash looks like this:

        <ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">redash</ns1:Issuer>
        <ns0:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" />

This results in keycloak displaying invalid_redirect_uri and i’m unable to login.

This makes sense, Keycloak should only be able to redirect to but the AssertionConsumerServiceURL above is

Is there a way to tell redash to send https in the authentication request?

Technical details:

  • Redash Version: 8.0.0+b32245 (a16f551e)
  • Browser/OS: google chrome Version 96.0.4664.110 (Official Build) (64-bit)/Ubuntu 20.04
  • How did you install Redash: Docker-compose

Aha, I think I fixed it. In the docker-compose I added the environment variable to the server:


Also in my nginx config I was missing a few headers, editing it so it matches the config on this page makes it work:

1 Like

Thanks for sharing your solution!

Hi, how did you handle the log-out feature from SAML.
Does it work from you side?