Greetings,
I am in need of some experienced Keycloak advice; I’ve been trying to troubleshoot this error for a few days now.
I’m setting up a new Keycloak instance by way of docker-compose. Everything is fine until I go to do the first login to the admin master realm with this URL: https://auth.example.com/realms/master/protocol/openid-connect/login-status-iframe.html/init?client_id=security-admin-console&origin=https%3A%2F%2Fauth.example.com
It returns an HTTP 403/unauthorized.
The edge proxy IIS 10 seems to be working fine.
The docker-compose.yaml:
version: '3'
services:
  postgres:
    image: postgres:latest
    env_file:
      - ./keycloak-postgres.env
    container_name: keycloak-db
    restart: unless-stopped
    ports:
      - '5432:5432'
    networks:
      - keycloak-network
    volumes:
      - ./user_db:/var/lib/postgresql/data
  keycloak:
    container_name: keycloak
    image: quay.io/keycloak/keycloak:latest
    restart: unless-stopped
    env_file:
      - ./keycloak-postgres.env
    entrypoint: /opt/keycloak/bin/kc.sh -v start
    volumes:
      - ./keycloak_data/:/opt/keycloak/conf/
    ports:
      - 8810:8810
      - 3130:3130
    networks:
      - keycloak-network
    depends_on:
      - postgres
networks:
  keycloak-network:
    driver: bridge
And the keycloak-postgres.env file:
KC_DB=postgres
KC_DB_USERNAME=keycloak
KC_DB_PASSWORD=keycloak
KC_DB_SCHEMA=public
KC_DB_URL_DATABASE=keycloak
KC_DB_URL_HOST=postgres
KC_DB_URL_PORT=5432
KC_HOSTNAME=auth.example.com
KC_HOSTNAME_ADMIN=docker-host.localdomain
KC_HOSTNAME_STRICT=false
KC_HTTPS_CLIENT_AUTH=request
KC_HTTPS_CERTIFICATE_FILE=/opt/keycloak/conf/server.crt.pem
KC_HTTPS_CERTIFICATE_KEY_FILE=/opt/keycloak/conf/server.key.pem
KC_HTTPS_PORT=3130
KC_HTTP_ENABLED="true"
KC_HTTP_PORT=8810
KC_METRICS_ENABLED=true
KC_PROXY=edge
KC_HOSTNAME_STRICT_BACKCHANNEL=false
KC_HOSTNAME_STRICT_HTTPS=true
KEYCLOAK_ADMIN=Admin
KEYCLOAK_ADMIN_PASSWORD=Admin
PROXY_ADDRESS_FORWARDING=true
POSTGRES_HOST=postgres
POSTGRES_USER=keycloak
POSTGRES_PASSWORD=keycloak
POSTGRES_DB=keycloak
Has anyone seen this before? I’ve messed with probably too many KC_ env variables at this point to see if I could get this to work.
Thanks in advance!