[HTTPS] Underlying input stream returned zero bytes

Hi everyone,

I tested all the features I needed via http; works all good.
Now, using RootCA certificate, I modified keycloak.conf > kc.sh build > kc.sh start

The admin console login page seems fine.
It has the lock sign on the left of the url, and I can enter ID/PW to submit the form.
But when I submit the form, the log shows “Underlying input stream returned zero bytes”,
not allowing me to actually get in the console and modify the features I want.

This always happened in 17.0.0, 17.0.1, 18.0.0 version.
With 18.0.1 version, it sometimes allows me to access https and sometimes not.

(1) Is there any way I can completely fix this issue?

I’m also considering using http for keycloak admin/account console
(and us https for other clients)

So I tried

  • “update REALM set ssl_required = ‘NONE’ where id = ‘master’;” in DB > NOT WORKING
  • set “http-enabled=true” in conf > NOT WORKING
  • added valid redirec_uri “http:///admin/master/console/*” in Clients (Master/security-admin-console) > NOT WORKING

It always redirected me to https login page for http:///admin…

(2) How can I disable https redirection only for admin and account console?

Oh I forgot to mention this!

Keycloak is installed in a CentOS 7 server using JDK,
and I’m using Windows 10 PC to get in the keycloak admin console.

Oh I found the hidden option for accessing http!

Now I just need to know how to fix the Underlying zerobytes issue for https

@jiny Were you able to resolve this issue?

The weird thing is that it happens at the first time I run start.
I set keycloak to be keep running even when I get out from the putty then this was fixed…
Still not 100percent fixed that setting AzureAD as a client and trying to reach kc login form shows that error again. (This has a workaroud using reverse proxy: AzureAD > different linux server > proxied to KC)

Btw 13hrs ago the same issue (I guess) has been fixed by upgrading Quarkus.
I’m waiting for it to be applied in 19.0.3 or 20 version

Thanks for the reply. I have hit the same issue, and Running on Keycloak 18.0.0, but they are UWP apps.

I heard the with some windows it shows the underlying input stream error. (I think it was stackoverflow that someone said that he/she hits the same error when he/she tries to log in to admin console in windows browser) Both UWP n AzureAD are based on windwos, aren’t they?
I’m just waiting for the quarkus update be in the kc release note asap…

Yes similar, but Keycloak 17: Cannot login to Keycloak with HTTPS from Windows (but can from Linux) - Stack Overflow

I tried 17, 17.0.1, 18, 18.0.1 and all reacted the same.
Since the Quarkus update thingi topic has come up and the issue was closed yesterday, I think the update will be done by 19.0.3 or later. Let’s wait…
(Or if you have a linux server, just use the reverse proxy way as I mentioned above)