Invalid_redirect_uri when hostname is NOT localhost:8443

Hello,
I am working on a Keycloak POC and I have successfully created an image and deployed it to an Azure Kubernetes Service cluster. The set-up is pretty basic and includes an nginx reverse proxy.
My problem is that I cannot access the administration console unless I set KC_HOSTNAME=localhost:8443.
When I set KC_HOSTNAME to localhost, the issuer and authorization_endpoint both have internal URLs:

issuer: https://localhost:8443/realms/master
authorization_endpoint: https://localhost:8443/realms/master/protocol/openid-connect/auth

This makes it impossible for the SSO login screen to be accessed by my test Spring Boot REST API application, as the login SSO screen redirects to the localhost address.
When I set KC_HOSTNAME=aks-docs-dev-api.mycompany.net, both issuer and authorization_endpoint are correct:

issuer: https://aks-docs-dev-api.autolendingapps.net/dev03/poc-keycloak-test0/realms/master
authorization_endpoint: https://aks-docs-dev-api.mycompany.net/dev/poc-keycloak-test0/realms/master/protocol/openid-connect/auth

With KC_HOSTNAME=aks-docs-dev-api.mycompany.net I cannot access the Administration Console.
I get the following error (I am attempting to connect using port-forwarding: 127.0.0.1:8443 → 8443).

2022-05-05 19:17:47,850 WARN  [org.keycloak.events] (executor-thread-70) type=LOGIN_ERROR, realmId=7b1cc8c3-1f26-49b6-9dc7-b5e2dfc4f446, clientId=security-admin-console, userId=null, ipAddress=10.81.118.192, error=invalid_redirect_uri, redirect_uri=https://localhost:8443/admin/master/console/

Is there anything obvious in my Dockerfile that I can correct or add to get Keycloak to work on AKS?
Thanks!!!

FROM quay.io/keycloak/keycloak:18.0.0

ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
ENV KC_FEATURES=token-exchange
ENV KC_HTTPS_KEY_STORE_FILE=/opt/keycloak/conf/keystore/keystore.jks
ENV KC_HTTPS_KEY_STORE_PASSWORD=changeit
ENV KC_LOG=console,file
ENV KC_LOG_LEVEL=DEBUG
ENV KC_LOG_CONSOLE_COLOR=true
ENV KC_PROXY=passthrough
ENV KC_HTTP_ENABLED=false
ENV KC_PROXY_ADDRESS_FORWARDING=true
#ENV KC_HOSTNAME=localhost:8443
ENV KC_HOSTNAME=aks-docs-dev-api.mycompany.net
ENV KC_HOSTNAME_STRICT=false
ENV KC_SPI_HOSTNAME_DEFAULT_ADMIN=localhost:8443/admin
ENV KC_HOSTNAME_PATH=/dev/poc-keycloak-test0/
ENV KEYCLOAK_ADMIN=lawrence
ENV KEYCLOAK_ADMIN_PASSWORD=testtest
ENV KEYCLOAK_ADMIN_URL=localhost:8443/admin
ENV KEYCLOAK_FRONTEND_URL=https://aks-docs-dev-api.mycompany.net/dev/poc-keycloak-test0/

# Install custom providers
RUN curl -sL https://github.com/aerogear/keycloak-metrics-spi/releases/download/2.5.3/keycloak-metrics-spi-2.5.3.jar -o /opt/keycloak/providers/keycloak-metrics-spi-2.5.3.jar
RUN /opt/keycloak/bin/kc.sh build


ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]
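Added example (not part of the original post, and not Keycloak's own code): a small triage script that parses Keycloak `LOGIN_ERROR` event lines like the one quoted above and reports whether each rejected `redirect_uri` matches the public hostname and path the server was configured with. The function names `parse_event` and `redirect_mismatches` are hypothetical; the sample line is the one from the post, and the host and path arguments are assumed to be the `KC_HOSTNAME` and `KC_HOSTNAME_PATH` values from the Dockerfile.

```python
import re
from urllib.parse import urlsplit

# Sample input: the LOGIN_ERROR event quoted in the post, embedded for offline use.
SAMPLE_LOG = (
    "2022-05-05 19:17:47,850 WARN  [org.keycloak.events] (executor-thread-70) "
    "type=LOGIN_ERROR, realmId=7b1cc8c3-1f26-49b6-9dc7-b5e2dfc4f446, "
    "clientId=security-admin-console, userId=null, ipAddress=10.81.118.192, "
    "error=invalid_redirect_uri, "
    "redirect_uri=https://localhost:8443/admin/master/console/"
)

# Matches the event logger category, the thread name, then the key=value fields.
EVENT_RE = re.compile(r"\[org\.keycloak\.events\].*?\)\s+(?P<fields>type=.*)$")


def parse_event(line):
    """Return the key=value fields of a Keycloak event log line, or None."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    fields = {}
    for part in m.group("fields").split(", "):
        key, sep, value = part.partition("=")  # split on the first '=' only
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def redirect_mismatches(lines, public_host, public_path="/"):
    """For every invalid_redirect_uri event, compare the rejected redirect
    against the configured public host and path (assumed inputs)."""
    base = public_path.strip("/")
    prefix = "/" + base + "/" if base else "/"
    findings = []
    for line in lines:
        ev = parse_event(line)
        if not ev or ev.get("error") != "invalid_redirect_uri":
            continue
        uri = urlsplit(ev.get("redirect_uri", ""))
        findings.append({
            "client": ev.get("clientId"),
            "redirect_origin": uri.netloc,
            "host_matches": uri.netloc.lower() == public_host.lower(),
            "path_matches": uri.path.startswith(prefix),
        })
    return findings
```

Run against the sample with the Dockerfile's hostname and path, it reports that the console was reached through `localhost:8443` while the server was told its public address is elsewhere, which is the mismatch visible in the log line.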