Stuck on setup, admin panel keeps reloading

Hi everybody,

I used the following tutorial to set up my Keycloak server on a VM: https://medium.com/@hasnat.saeed/setup-keycloak-server-on-ubuntu-18-04-ed8c7c79a2d9.

After that I set <http-listener name="default" socket-binding="http" redirect-socket="https" proxy-address-forwarding="true" enable-http2="true"/>
Finally I enabled a reverse proxy using nginx to access the instance from my domain.

If I access the server directly using the external IP xx.xx.xx.xx:8008, everything works.
But if I access it through my proxy and enter my login credentials, the admin panel keeps reloading.

The log (/opt/keycloak/standalone/log/server.log) shows the following message constantly:

2020-08-15 04:06:48,320 WARN  [org.keycloak.events] (default task-3) type=REFRESH_TOKEN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=190.13.124.154, error=invalid_token, grant_type=refresh_token, client_auth_method=client-secret

My nginx config looks like this:

location / {
    proxy_pass http://192.168.1.17:8080;
    proxy_http_version      1.1;
    proxy_cache_bypass      $http_upgrade;

    proxy_set_header Upgrade                $http_upgrade;
    proxy_set_header Connection             "upgrade";
    proxy_set_header Host                   $host;
    proxy_set_header X-Real-IP              $remote_addr;
    proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto      $scheme;
    proxy_set_header X-Forwarded-Host       $host;
    proxy_set_header X-Forwarded-Port       $server_port;

    proxy_buffering     off;
}

Hopefully I have provided enough information for somebody to help.

I downgraded to 10.0.2 and repeated the same steps.
This didn’t solve the problem and I got the same error.

So I think I configured something wrong, but I don’t know what.

I also tried using docker-compose; this was my docker-compose.yml file:

version: "3"

volumes:
  mysql_data:
    driver: local

services:
  mariadb:
    image: mariadb
    volumes:
      - mysql_data:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: root
      MYSQL_DATABASE: keycloak
      MYSQL_USER: keycloak
      MYSQL_PASSWORD: password
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "--silent"]
  keycloak:
    image: quay.io/keycloak/keycloak:latest
    ports:
      - 8080:8080
      - 8443:8443
    environment:
      DB_VENDOR: mariadb
      DB_ADDR: mariadb
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_PASSWORD: password
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: admin
      PROXY_ADDRESS_FORWARDING: "true"
      JGROUPS_DISCOVERY_PROTOCOL: JDBC_PING
      JGROUPS_DISCOVERY_PROPERTIES: datasource_jndi_name=java:jboss/datasources/KeycloakDS,info_writer_sleep_time=500
    depends_on:
      - mariadb

This also didn’t work.

This request returns a 400 code when performed by the frontend.

curl 'https://auth.castelnuovo.xyz/auth/realms/master/protocol/openid-connect/token' \
  -H 'authority: auth.castelnuovo.xyz' \
  -H 'user-agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Mobile Safari/537.36' \
  -H 'dnt: 1' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -H 'accept: */*' \
  -H 'origin: https://auth.castelnuovo.xyz' \
  -H 'sec-fetch-site: same-origin' \
  -H 'sec-fetch-mode: cors' \
  -H 'sec-fetch-dest: empty' \
  -H 'referer: https://auth.castelnuovo.xyz/auth/admin/master/console/' \
  -H 'accept-language: nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7,fy;q=0.6,la;q=0.5' \
  -H 'cookie: AUTH_SESSION_ID=e5fcaf72-40ed-475d-9d76-c339ece9bf94.auth; AUTH_SESSION_ID_LEGACY=e5fcaf72-40ed-475d-9d76-c339ece9bf94.auth; KEYCLOAK_SESSION=master/78f86274-3ae1-41e8-8be4-c2f76ce6991a/e5fcaf72-40ed-475d-9d76-c339ece9bf94; KEYCLOAK_SESSION_LEGACY=master/78f86274-3ae1-41e8-8be4-c2f76ce6991a/e5fcaf72-40ed-475d-9d76-c339ece9bf94; KEYCLOAK_IDENTITY=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJmZTM1NGU5ZS04MDM1LTRkNjktYTEyNi04MmEzNTJiZGQxNzEifQ.eyJleHAiOjE1OTc2MjI3MTYsImlhdCI6MTU5NzU4NjcxNiwianRpIjoiYmQ4NDU4ZGMtOGUwOS00OTM4LThhYTctNzg0NTVmYmYxNjk4IiwiaXNzIjoiaHR0cHM6Ly9hdXRoLmNhc3RlbG51b3ZvLnh5ei9hdXRoL3JlYWxtcy9tYXN0ZXIiLCJzdWIiOiI3OGY4NjI3NC0zYWUxLTQxZTgtOGJlNC1jMmY3NmNlNjk5MWEiLCJ0eXAiOiJTZXJpYWxpemVkLUlEIiwic2Vzc2lvbl9zdGF0ZSI6ImU1ZmNhZjcyLTQwZWQtNDc1ZC05ZDc2LWMzMzllY2U5YmY5NCIsInN0YXRlX2NoZWNrZXIiOiJZZEdYdGtONll0VlcxTE41bGlUWl9fdHppaml1Wm5iUmw2eVhlQ01JNHlNIn0.DOC--UrBDIYoVoBf3GUyfwCjpq-gAbV3uYAoFUKivn4; KEYCLOAK_IDENTITY_LEGACY=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJmZTM1NGU5ZS04MDM1LTRkNjktYTEyNi04MmEzNTJiZGQxNzEifQ.eyJleHAiOjE1OTc2MjI3MTYsImlhdCI6MTU5NzU4NjcxNiwianRpIjoiYmQ4NDU4ZGMtOGUwOS00OTM4LThhYTctNzg0NTVmYmYxNjk4IiwiaXNzIjoiaHR0cHM6Ly9hdXRoLmNhc3RlbG51b3ZvLnh5ei9hdXRoL3JlYWxtcy9tYXN0ZXIiLCJzdWIiOiI3OGY4NjI3NC0zYWUxLTQxZTgtOGJlNC1jMmY3NmNlNjk5MWEiLCJ0eXAiOiJTZXJpYWxpemVkLUlEIiwic2Vzc2lvbl9zdGF0ZSI6ImU1ZmNhZjcyLTQwZWQtNDc1ZC05ZDc2LWMzMzllY2U5YmY5NCIsInN0YXRlX2NoZWNrZXIiOiJZZEdYdGtONll0VlcxTE41bGlUWl9fdHppaml1Wm5iUmw2eVhlQ01JNHlNIn0.DOC--UrBDIYoVoBf3GUyfwCjpq-gAbV3uYAoFUKivn4' \
  --data-raw 'grant_type=refresh_token&refresh_token=undefined&client_id=security-admin-console' \
  --compressed

The response is empty.


I am seeing the same thing with no luck on how to resolve this.
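
Added example (not part of the original thread, and not Keycloak's own code): a small triage script for the two artifacts quoted above. It parses `org.keycloak.events` lines in the format shown in the post, counts repeated REFRESH_TOKEN_ERROR events per realm, client and IP, and flags token-request parameters whose value is a JavaScript placeholder such as the `refresh_token=undefined` in the curl command. The sample log is constructed with documentation-range IP addresses, and the function names and threshold are assumptions.

```python
import re
from collections import Counter
from urllib.parse import parse_qs

# Constructed sample input: the event line format shown in the post, with
# documentation-range IP addresses (not the poster's values).
SAMPLE_LOG = """\
2020-08-15 04:06:48,320 WARN  [org.keycloak.events] (default task-3) type=REFRESH_TOKEN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=203.0.113.7, error=invalid_token, grant_type=refresh_token, client_auth_method=client-secret
2020-08-15 04:06:49,101 WARN  [org.keycloak.events] (default task-5) type=REFRESH_TOKEN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=203.0.113.7, error=invalid_token, grant_type=refresh_token, client_auth_method=client-secret
2020-08-15 04:07:02,555 WARN  [org.keycloak.events] (default task-2) type=LOGIN_ERROR, realmId=master, clientId=account, userId=null, ipAddress=198.51.100.9, error=invalid_user_credentials
2020-08-15 04:07:03,000 INFO  [org.jboss.as] (main) constructed non-event line
"""

EVENT_RE = re.compile(r"\[org\.keycloak\.events\] \([^)]*\) (?P<fields>.+)$")
# Values a JavaScript client sends when it stringifies a missing variable.
PLACEHOLDERS = {"", "undefined", "null"}

def parse_event(line):
    """Return the key=value fields of one Keycloak event line, or None."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    pairs = (p.split("=", 1) for p in m.group("fields").split(", ") if "=" in p)
    return {k.strip(): v.strip() for k, v in pairs}

def refresh_error_loops(log_text, threshold=2):
    """REFRESH_TOKEN_ERROR counts per (realm, client, IP) at or above threshold."""
    counts = Counter()
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev and ev.get("type") == "REFRESH_TOKEN_ERROR":
            counts[(ev.get("realmId"), ev.get("clientId"), ev.get("ipAddress"))] += 1
    return {k: n for k, n in counts.items() if n >= threshold}

def placeholder_params(form_body):
    """Names of token-request parameters whose value is empty or a JS placeholder."""
    params = parse_qs(form_body, keep_blank_values=True)
    return sorted(k for k, vs in params.items() if any(v in PLACEHOLDERS for v in vs))

if __name__ == "__main__":
    print(refresh_error_loops(SAMPLE_LOG))
    # Request body exactly as sent in the curl command in the post.
    print(placeholder_params(
        "grant_type=refresh_token&refresh_token=undefined&client_id=security-admin-console"))
```

A hit from `placeholder_params` means the client never sent a real refresh token, so the `invalid_token` event records a malformed request rather than a rejected token.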