Hello,
I am working on a Keycloak POC and I have successfully created an image and deployed it to an Azure Kubernetes Service cluster. The set-up is pretty basic and includes an nginx reverse proxy.
My problem is that I cannot access the administration console unless I set KC_HOSTNAME=localhost:8443.
When I set KC_HOSTNAME to localhost the issuer and authorization_endpoint both have internal URLs:
issuer: https://localhost:8443/realms/master
authorization_endpoint: https://localhost:8443/realms/master/protocol/openid-connect/auth
This makes it impossible for the SSO login screen to be accessed by my test springboot rest api application as the login SSO screen redirects to the localhost address.
When I set KC_HOSTNAME= aks-docs-dev-api.mycompany.net both issuer and authorization_endpoint are correct:
issuer: https://aks-docs-dev-api.autolendingapps.net/dev03/poc-keycloak-test0/realms/master
authorization_endpoint: https:// aks-docs-dev-api.mycompany.net /dev/poc-keycloak-test0/realms/master/protocol/openid-connect/auth
With KC_HOSTNAME= aks-docs-dev-api.mycompany.net I cannot access the Administration Console.
I get the following error (I am attempting to connect using port-forwarding: 127.0.0.1:8443 → 8443).
2022-05-05 19:17:47,850 WARN [org.keycloak.events] (executor-thread-70) type=LOGIN_ERROR, realmId=7b1cc8c3-1f26-49b6-9dc7-b5e2dfc4f446, clientId=security-admin-console, userId=null, ipAddress=10.81.118.192, error=invalid_redirect_uri, redirect_uri=https://localhost:8443/admin/master/console/
Is there anything obvious in my Dockerfile that I can correct or add to get Keycloak to work on AKS?
Thanks!!!
FROM quay.io/keycloak/keycloak:18.0.0
ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
ENV KC_FEATURES=token-exchange
ENV KC_HTTPS_KEY_STORE_FILE=/opt/keycloak/conf/keystore/keystore.jks
ENV KC_HTTPS_KEY_STORE_PASSWORD=changeit
ENV KC_LOG=console,file
ENV KC_LOG_LEVEL=DEBUG
ENV KC_LOG_CONSOLE_COLOR=true
ENV KC_PROXY=passthrough
ENV KC_HTTP_ENABLED=false
ENV KC_PROXY_ADDRESS_FORWARDING=true
#ENV KC_HOSTNAME=localhost:8443
ENV KC_HOSTNAME=aks-docs-dev-api.mycompany.net
ENV KC_HOSTNAME_STRICT=false
ENV KC_SPI_HOSTNAME_DEFAULT_ADMIN=localhost:8443/admin
ENV KC_HOSTNAME_PATH=/dev/poc-keycloak-test0/
ENV KEYCLOAK_ADMIN=lawrence
ENV KEYCLOAK_ADMIN_PASSWORD=testtest
ENV KEYCLOAK_ADMIN_URL=localhost:8443/admin
ENV KEYCLOAK_FRONTEND_URL=https://aks-docs-dev-api.mycompany.net/dev/poc-keycloak-test0/
# Install custom providers
RUN curl -sL https://github.com/aerogear/keycloak-metrics-spi/releases/download/2.5.3/keycloak-metrics-spi-2.5.3.jar -o /opt/keycloak/providers/keycloak-metrics-spi-2.5.3.jar
RUN /opt/keycloak/bin/kc.sh build
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]