Step1.html HTTP 404 Error

Hello,
I am working on a Keycloak POC and I have successfully created an image and deployed it to an Azure Kubernetes Service cluster.
When I access the app I am prompted to create the admin user (as expected).
I can access Keycloak using localhost:8443 and create the admin account.
I get a 404 error though on the file step1.html when trying to access the admin console.
This is the path that generates the 404 error:
https://localhost:8443/realms/master/protocol/openid-connect/3p-cookies/step1.html?version=56pvt

What am I doing incorrectly???

Dockerfile:

FROM quay.io/keycloak/keycloak:latest

ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
ENV KC_FEATURES=token-exchange
ENV KC_HTTPS_KEY_STORE_FILE=/opt/keycloak/conf/keystore/keystore.jks
ENV KC_HTTPS_KEY_STORE_PASSWORD=th3S3cr3t#
ENV KC_LOG=console,file
ENV KC_LOG_LEVEL=DEBUG
ENV KC_LOG_CONSOLE_COLOR=true
ENV KC_PROXY=passthrough
ENV KC_HTTP_ENABLED=false
ENV KC_PROXY_ADDRESS_FORWARDING=true
ENV KC_HOSTNAME=localhost:8443
ENV KC_HOSTNAME_STRICT=false
ENV KEYCLOAK_ADMIN_URL=/


# Install custom providers
RUN curl -sL https://github.com/aerogear/keycloak-metrics-spi/releases/download/2.5.3/keycloak-metrics-spi-2.5.3.jar -o /opt/keycloak/providers/keycloak-metrics-spi-2.5.3.jar
RUN /opt/keycloak/bin/kc.sh build


ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]

I have the same issue, and have already tried to fix it for 3 full days.

Maybe my situation is a little different: I run my admin on a different, internal domain…

Admin is working (also step1.html) when fully running on the main public domain, but when using the internal domain, everything is OK except that step1 and step2 give 404…

When I manually change it to the public domain, the HTML is there.

So somehow only these HTML files don’t work on the internal domain. How come?

I had the same issue. I had an old version of keycloak and wanted to update it to 19.x. My setup needs to be deployed under the path /auth. So I used KC_HOSTNAME_PATH=auth.

But apparently that messes up the admin panel. The admin panel doesn’t take this KC_HOSTNAME_PATH into account apparently (my guess). In order to make it work I had to redirect / and /auth to the root of keycloak. See my ingress config:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  rules:
    - host: my.host.ch
      http:
        paths:
          - path: /auth/(.+)
            pathType: Prefix
            backend:
              service:
                name: keycloak-service
                port:
                  number: 8080
    - host: my.host.ch
      http:
        paths:
          - path: /?(.+)
            pathType: Prefix
            backend:
              service:
                name: keycloak-service
                port:
                  number: 8080

I guess this config could be replicated on any other proxy. Basically:

  • redirect /(.+) to /$1 (no change)
  • redirect /auth/(.+) to /$1

As you can see I’m behind an nginx proxy (in kubernetes) and I use the config KC_PROXY=edge

I know it’s a tricky config and not a good solution but it worked for me. I hope it can help others.
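
The path mapping described in the last post, as an added example that is not part of the original thread: a simplified Python model of the two ingress paths and the shared rewrite target, showing which upstream path Keycloak receives for the step1.html request. It assumes regex paths are tried longest-first and matched case-insensitively from the start of the request path; `upstream_path` and `same_backend_resource` are hypothetical helper names.

```python
import re

# Constructed model of the two ingress paths from the post, with the shared
# rewrite-target "/$1". Assumption: regex paths are tried longest-first and
# matched case-insensitively from the start of the request path.
RULES = ["/auth/(.+)", "/?(.+)"]
REWRITE_TARGET = "/$1"

# Path of the file that returned 404 in the first post (query string omitted).
STEP1 = "/realms/master/protocol/openid-connect/3p-cookies/step1.html"


def upstream_path(request_path, rules=RULES, target=REWRITE_TARGET):
    """Return (matched_rule, path forwarded to Keycloak) or (None, None)."""
    for rule in sorted(rules, key=len, reverse=True):
        m = re.match(rule, request_path, re.IGNORECASE)
        if m:
            # Substitute capture groups $1..$n into the rewrite target.
            rewritten = re.sub(
                r"\$(\d+)", lambda g: m.group(int(g.group(1))), target
            )
            return rule, rewritten
    return None, None


def same_backend_resource(path_a, path_b):
    """True when two external paths are rewritten to one upstream path."""
    return upstream_path(path_a)[1] == upstream_path(path_b)[1]


if __name__ == "__main__":
    samples = (
        "/auth" + STEP1,                # request built with KC_HOSTNAME_PATH=auth
        STEP1,                          # request built without the /auth prefix
        "/auth/admin/master/console/",
        "/admin/master/console/",
    )
    for path in samples:
        rule, upstream = upstream_path(path)
        print(f"{path}\n    rule {rule!r} -> upstream {upstream!r}")
```

Both the prefixed and the unprefixed form reach the same upstream path, so any path-based rule placed in front of this ingress has to cover both forms.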