Hi,
I’ve got Keycloak 23.0.4 deployed to an Azure Linux web app.
When the Keycloak instance uses the default domain Keycloak.azurewebsites.net, the service works fine.
When I add a custom domain to the web app and update the KC_HOSTNAME environment variable to the new value, I get 403 Forbidden errors if I:
- Try to have my front-end Angular application authenticate with Keycloak.
- Sign into the admin console and try to save any changes to the clients.
I have tried setting KC_HOSTNAME_URL and KC_HOSTNAME_ADMIN_URL over the KC_HOSTNAME but get the same error.
The environment is using Azure App Gateway to route traffic; I’ve verified that the X-Forwarded-For, X-Forwarded-Proto, and X-Forwarded-Host headers have been forwarded.
I’ve created a new Keycloak DB, but this did not help. If I remove the custom domain from the host, I no longer get the 403.
I’ve enabled logging but see no useful error messages on what is causing the 403 Forbidden.
Any advice would be appreciated.
Thanks.