Clicking admin panel from localhost redirects to hostname with invalid parameter

Configuring the server
1

On KC18 installed with JDK16 I have the following in conf/keycloak.conf:

db=postgres
...
proxy=edge
hostname=keycloak.example.com
hostname-admin=localhost
# with this as true or false results are the same
http-enabled=true

When I load http://localhost:8080, it loads the welcome page, but when I click Administration Console, which is a link to http://localhost:8080/admin/, that page attempts to redirect to https://keycloak.example.com/realms/... and loads Keycloak We are sorry… page with Invalid parameter: redirect_uri and a link back to application.

And this message is displayed in the terminal:

2022-07-11 15:41:41,689 WARN  [org.keycloak.events] (executor-thread-0) type=LOGIN_ERROR, realmId=7a22d1e9..., clientId=security-admin-console, userId=null, ipAddress=192.0.2.58, error=invalid_redirect_uri, redirect_uri=http://localhost:8080/admin/master/console/

The guides state to block /admin/ at the proxy, so I’m not clear how to access otherwise.

I think this is a bug so just looking to see if someone else is able to make this work.

2

Wouldn’t it be enough to change the “Valid Redirect URIs” of the security-admin-console client, from /admin/master/console/* to /master/console/*?

3

In my requests using localhost, I’m not going through a proxy (I’m actually doing this through an ssh session using ssh -L...).

For the proxy, your suggestion may technically load the page, but wouldn’t that defeat the stated purpose of reducing the attack surface?