Description

I faced an issue when configuring:

hostname-port=443.
hostname-admin-url=https://mydomain/keycloak

I tried to access the console with https://mydomain/keycloak and stayed blocked on the spinning waiting page without any clue. Let's try to improve that :)

Discussion

No response

Motivation

To gain time in configuration resolution

Details

With an nginx reverse proxy and Keycloak, logging in to the admin console leads to being blocked on:

/realms/master/protocol/openid-connect/login-status-iframe.html/init?client_id=security-admin-console ....

With a 204 return code and no other errors. I had to explore the Keycloak source code to find the cause; this test failed in keycloak.js: if ((event.origin !== loginIframe.iframeOrigin)

After a (lot of) time searching, it appears that it compares: https://mydomain/keycloak and https://mydomain:443/keycloak

because I'd set hostname-port to 443 in keycloak.config. Removing hostname-port makes it work.

My Keycloak configuration:

hostname=mydomain  
proxy=reencrypt  
hostname-strict=false  
#hostname-port=443  
hostname-path=keycloak  
http-relative-path=keycloak  
hostname-admin-url=https://mydomain/keycloak

2 ways to improve it:

  1. maybe add some lines to the documentation to take care of this particular port, as it is removed from the address bar by the browser
  2. put a warn log in keycloak.js for the error case or, if it creates too many logs, use a log level to add more information on Keycloak behavior on the client side?
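
The comparison described in the post, as an added example that is not part of the original post and is not Keycloak's code. It assumes the expected origin is cut out of the configured URL as text; `originBySlicing`, `originNormalized` and `checkMessageOrigin` are hypothetical names, and the inputs are constructed from the hostnames in the post.

```javascript
// Added example; not Keycloak source. Hostnames are the ones used in the post.

// Assumption: the expected origin is cut out of the configured URL as text,
// so an explicit ":443" stays in it.
function originBySlicing(url) {
  const slash = url.indexOf('/', 8); // first "/" after "https://"
  return slash === -1 ? url : url.substring(0, slash);
}

// The URL parser serializes an origin the way the browser reports event.origin:
// the scheme's default port (443 for https, 80 for http) is dropped.
function originNormalized(url) {
  return new URL(url).origin;
}

// Hypothetical check: still an exact string comparison (never a prefix or
// substring match), but against the normalized origin, and with a warning
// that names both values when a message is ignored.
function checkMessageOrigin(eventOrigin, configuredUrl, warn = console.warn) {
  const sliced = originBySlicing(configuredUrl);
  const normalized = originNormalized(configuredUrl);
  const accepted = eventOrigin === normalized;
  if (sliced !== normalized) {
    warn(`configured origin ${sliced} normalizes to ${normalized}; ` +
         'browsers never send the default port in event.origin');
  }
  if (!accepted) {
    warn(`iframe message ignored: origin ${eventOrigin}, expected ${normalized}`);
  }
  return { accepted, sliced, normalized };
}

// Constructed inputs: the admin URL with and without hostname-port=443.
const browserOrigin = 'https://mydomain';
for (const url of ['https://mydomain:443/keycloak', 'https://mydomain/keycloak']) {
  const r = checkMessageOrigin(browserOrigin, url);
  console.log(url, '-> sliced match:', browserOrigin === r.sliced,
              '| normalized match:', r.accepted);
}
```

A non-default port such as 8443 is kept by both functions, so only the scheme's default port produces this silent mismatch.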