Keycloak white admin console and 401 responses

Configuring the server
1

Hi,

Due to external constraints my architecture is currently looking like this :

haproxy on 443 <—> nginx on 80 <—> keycloak in docker container

  • Haproxy is used as simple reverse ssl proxy and send X-forwared headers
  • Nginx is used to proxy_pass to keycloak on http port with the necessary X-forwarded headers (X-Forwarded-For, X-Forwaded-Host and X-Forwarded-Proto set to https)
  • Keycloak is running with the PROXY_ADDRESS_FORWARDING option set to true

I can access the landing page and the /auth/realms/master/account page. However I cannot access the admin console. What happens is that app.js requests /auth/admin/master/console/whoami which fails and returns a 401 error when reached directly. I’m also having troubles the openid-connect api (401 http codes).
Worst part : There’s nothing in the logs even with log_level ALL

Are there some conflicting headers in this stack of servers ? How can I progress in debuging this mess ?

Thanks in advance

2 Likes
2

Same here, I was running a normal docker container, and all I now see is a white screen and 401 when I login.

3

Did you manage to solve this? I’m having the same problem with keycloak running in a docker container

4

I managed to solve this by adding the following env variable:

KEYCLOAK_FRONTEND_URL=https://<my-domain>/auth
5

I had the same problem after upgrading from 17.0.0 to 17.0.1
I was able to fix it by setting the env variable mentioned by cod-r, I noticed that it’s also working with a relative path (no need to hardcode the domain name):

KEYCLOAK_FRONTEND_URL=/auth