403 Forbidden after adding Custom Domain to Azure Web App Host

Hi,

I’ve got KeyCloak 23.0.4 deployed to an Azure Linux web app.
When the KeyCloak Instance uses the default domain Keycloak.azurewebsites.net the service works fine.

When I add a custom domain to the web app and update the KC_HOSTNAME environment variable to the new value I get 403 forbidden errors if I:

  1. Try to have my front end angular application authenticate with KeyCloak.
  2. Sign into the admin console and try to save any changes to the clients.

I have tried setting KC_HOSTNAME_URL and KC_HOSTNAME_ADMIN_URL over the KC_HOSTNAME but get the same error.

The environment is using Azure App Gateway to route traffic, I’ve verified X-Forwarded-For, X-Forwarded-Proto, and X-Forwarded-Host headers have been forwarded.

I’ve created a new KeyCloak DB but this did not help. If I remove the Custom Domain from the host I no longer get the 403.

I’ve enabled logging but see no useful error messages on what is causing the 403 forbidden.

Any advice would be appreciated.

Thanks.