[HTTPS] Underlying input stream returned zero bytes

jiny · June 23, 2022, 4:32am

Hi everyone,

I tested all the features I needed via http; works all good.
Now, using RootCA certificate, I modified keycloak.conf > kc.sh build > kc.sh start

The admin console login page seems fine.
It has the lock sign on the left of the url, and I can enter ID/PW to submit the form.
But when I submit the form, the log shows “Underlying input stream returned zero bytes”,
not allowing me to actually get in the console and modify the features I want.

This always happened in 17.0.0, 17.0.1, 18.0.0 version.
With 18.0.1 version, it sometimes allows me to access https and sometimes not.

(1) Is there any way I can completely fix this issue?

I’m also considering using http for keycloak admin/account console
(and us https for other clients)

So I tried

“update REALM set ssl_required = ‘NONE’ where id = ‘master’;” in DB > NOT WORKING
set “http-enabled=true” in conf > NOT WORKING
added valid redirec_uri “http:///admin/master/console/*” in Clients (Master/security-admin-console) > NOT WORKING

It always redirected me to https login page for http:///admin…

(2) How can I disable https redirection only for admin and account console?

jiny · June 23, 2022, 4:36am

Oh I forgot to mention this!

Keycloak is installed in a CentOS 7 server using JDK,
and I’m using Windows 10 PC to get in the keycloak admin console.

jiny · June 23, 2022, 5:27am

Oh I found the hidden option for accessing http!
hostname-strict-https=false

Now I just need to know how to fix the Underlying zerobytes issue for https

getvasanth · September 15, 2022, 2:41am

@jiny Were you able to resolve this issue?

jiny · September 15, 2022, 3:55am

The weird thing is that it happens at the first time I run start.
I set keycloak to be keep running even when I get out from the putty then this was fixed…
Still not 100percent fixed that setting AzureAD as a client and trying to reach kc login form shows that error again. (This has a workaroud using reverse proxy: AzureAD > different linux server > proxied to KC)

Btw 13hrs ago the same issue (I guess) has been fixed by upgrading Quarkus.
I’m waiting for it to be applied in 19.0.3 or 20 version

getvasanth · September 15, 2022, 6:02am

@jiny
Thanks for the reply. I have hit the same issue, and Running on Keycloak 18.0.0, but they are UWP apps.

jiny · September 15, 2022, 6:41am

I heard the with some windows it shows the underlying input stream error. (I think it was stackoverflow that someone said that he/she hits the same error when he/she tries to log in to admin console in windows browser) Both UWP n AzureAD are based on windwos, aren’t they?
I’m just waiting for the quarkus update be in the kc release note asap…

getvasanth · September 15, 2022, 8:37am

@jiny
Yes similar, but Keycloak 17: Cannot login to Keycloak with HTTPS from Windows (but can from Linux) - Stack Overflow

jiny · September 15, 2022, 8:59am

Yop
I tried 17, 17.0.1, 18, 18.0.1 and all reacted the same.
Since the Quarkus update thingi topic has come up and the issue was closed yesterday, I think the update will be done by 19.0.3 or later. Let’s wait…
(Or if you have a linux server, just use the reverse proxy way as I mentioned above)