Keycloak admin console in docker behind reverse proxy

Configuring the server
1

Hello,

I am trying to use Keycloak 19.0.1 on a docker container, with nginx 1.18.0 as a reverse proxy

Keycloak is started with:

docker run -p 127.0.0.1:8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:19.0.1 start-dev --proxy=edge

and the nginx configuration is as follows:

upstream keycloak_app {
    server 127.0.0.1:8080;  
}

server{
server_name kc.hidden.com;
location / {
          proxy_http_version 1.1;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Host $http_host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forward-Proto https;
          proxy_set_header X-Forwarded-Host $http_host;
          proxy_set_header X-Forwarded-Server $http_host;
          proxy_set_header X-Request-Id $request_id;
          proxy_pass http://keycloak_app;
    }

}

When accessing https://kc.hidden.com/admin/master/console/, the page starts loading but the message “Loading the admin console” stays indefinitely and in the browser (Firefox) console, one can read:

Uncaught (in promise) 
Object { error: "Timeout when waiting for 3rd party check iframe message." }

Note that if I access it directly, without going through the reverse proxy (through 127.0.0.1:8080), everything works (I can login).

I tried the (undocumented) option PROXY_ADDRESS_FORWARDING: “true” but it still does not work…

2

I too have this problem. Keycloak 17.0.0 in a Docker container behind Nginx (also in a Docker container) worked fine, but since then every release has caused me problems with the admin console (see http://keycloak.discourse.group/t/keycloak-17-admin-console-shows-only-the-top-navigation-bar/14695

I think the change in behaviour is down to this commit https://github.com/keycloak/keycloak/commit/3da5a8ea7349ee306895f0071b883901102fe2fd

So I suspect the problem in my case is down to me not finding a working combination of Nginx and Keycloak configuration settings.

BTW every other Keycloak function in my environment works just fine on 17.0.0 and all versions through to and including 19.0.1 — only the Admin console does not load as expected.

3

Hi,

Keycloak 20.0.1
I have also

Uncaught (in promise) 
Object { error: "Timeout when waiting for 3rd party check iframe message." }

how to fix infinite loop of admin console?

1 Like
4

I have the same.

  1. Use the Dockerfile here: Running Keycloak in a container - Keycloak
  2. docker pull and run postgres
  3. docker build and run keycloak
    ENV KC_DB_URL=jdbc:postgresql://host.docker.internal:5432/postgres
  4. in Firefox, visit https:0.0.0.0:8443
    “Welcome to Keycloak” web page showes nicely
  5. click on ‘administration console’

Uncaught (in promise) Object { error: "Timeout when waiting for 3rd party check iframe message." }

In Chrome F12 also gives me:
Failed to load resource: the server responded with a status of 403 (), and …

Indicate whether a cookie is intended to be set in a cross-site context by specifying its SameSite attribute and Indicate whether to send a cookie in a cross-site request by specifying its SameSite attribute

5

Setting this environment variables helped me:

KC_HOSTNAME=localhost
KC_HOSTNAME_PORT=8888

Change it accordingly your setup.