From 7918e282bf42c08f40f966089535f1acc931f93a Mon Sep 17 00:00:00 2001
From: kklinch0 <kklinch0@gmail.com>
Date: Wed, 30 Jul 2025 16:07:22 +0300
Subject: [PATCH 1/2] keycloak enable cookie-secure

Signed-off-by: kklinch0 <kklinch0@gmail.com>
---
 .../system/keycloak-configure/templates/configure-kk.yaml     | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/packages/system/keycloak-configure/templates/configure-kk.yaml b/packages/system/keycloak-configure/templates/configure-kk.yaml
index adee11b6..00673c03 100644
--- a/packages/system/keycloak-configure/templates/configure-kk.yaml
+++ b/packages/system/keycloak-configure/templates/configure-kk.yaml
@@ -200,7 +200,7 @@ spec:
     - groups
     - kubernetes-client
   redirectUris:
-    - "http://dashboard.{{ $host }}/oauth2/callback/*"
+    - "https://dashboard.{{ $host }}/oauth2/callback/*"
     {{- range $i, $v := $extraRedirectUris }}
     - "{{ $v }}"
     {{- end }}
@@ -223,8 +223,6 @@ data:
         clientSecret: {{ $kubeappsClient }}
         cookieSecret: {{ $cookieSecret }}
         extraFlags:
-          - --ssl-insecure-skip-verify
-          - --cookie-secure=false
           - --scope=openid email groups
           - --oidc-issuer-url=https://keycloak.{{ $host }}/realms/cozy
 

From 1ab63187c97d65134dcd9ccca208730260642490 Mon Sep 17 00:00:00 2001
From: klinch0 <68821526+klinch0@users.noreply.github.com>
Date: Thu, 31 Jul 2025 17:13:25 +0300
Subject: [PATCH 2/2] Update
 packages/system/keycloak-configure/templates/configure-kk.yaml

Co-authored-by: Timofei Larkin <lllamnyp@gmail.com>
Signed-off-by: klinch0 <68821526+klinch0@users.noreply.github.com>
---
 packages/system/keycloak-configure/templates/configure-kk.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packages/system/keycloak-configure/templates/configure-kk.yaml b/packages/system/keycloak-configure/templates/configure-kk.yaml
index 00673c03..c49a3889 100644
--- a/packages/system/keycloak-configure/templates/configure-kk.yaml
+++ b/packages/system/keycloak-configure/templates/configure-kk.yaml
@@ -223,6 +223,7 @@ data:
         clientSecret: {{ $kubeappsClient }}
         cookieSecret: {{ $cookieSecret }}
         extraFlags:
+          - --cookie-secure
           - --scope=openid email groups
           - --oidc-issuer-url=https://keycloak.{{ $host }}/realms/cozy