Keycloak.x realm auth urls different

Configuring the server
1

Hello,

I’m trying to switch to the new keycloak.x distribution (from 11.0.2).
Importing previous realm settings and porting the configurations worked mostly good, but i noticed that the realm auth urls have changed when switching to keycloak.x . The url for the OpenID authorization endpoint was “http://localhost:8080/auth/realms/master/protocol/openid-connect/auth”, but with keycloak.x, it is “http://localhost:8080/realms/master/protocol/openid-connect/auth” (notice the missing ‘auth’ at the begin).

I’m looking for a configuration option to change the url’s back the the “old” scheme, since there are other applications that do not work without the missing ‘auth’ at the begin. Is there a property or configuration i can set?

2

Hey Rearth,

First of all, thanks for trying out Keycloak.x.

The removal of /auth root path was intentional as well as not allowing changing it. Easily.

However, you should be able to change it if you:

kc.sh config -Dquarkus.http.root-path=/auth

After that, when you start the server you should be able to access it using the /auth root path.

3

For those that continue to stumble upon here, in Keycloak 21.0.1 (and maybe some versions earlier, idk) you can use the following two environment vars to support the legacy /auth root path:

  KC_HOSTNAME: keycloak.yourcompany.com
  KC_HTTP_RELATIVE_PATH: /auth

While not ideal for new setups, it’s useful if you have to support an upstream partner with long release cycles where updating a single redirect url can take business quarters to complete. Now you can still upgrade your keycloak.