Hi everybody,
I used the following tutorial to set up my Keycloak server on a VM: https://medium.com/@hasnat.saeed/setup-keycloak-server-on-ubuntu-18-04-ed8c7c79a2d9
After that I set <http-listener name="default" socket-binding="http" redirect-socket="https" proxy-address-forwarding="true" enable-http2="true"/>
Finally I enabled a reverse proxy using nginx to access the instance from my domain.
If I access the server directly using the external IP xx.xx.xx.xx:8008, everything works.
But if I access it through my proxy and enter my login credentials, the admin panel keeps reloading.
The log (/opt/keycloak/standalone/log/server.log) shows the following message constantly:
2020-08-15 04:06:48,320 WARN [org.keycloak.events] (default task-3) type=REFRESH_TOKEN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=190.13.124.154, error=invalid_token, grant_type=refresh_token, client_auth_method=client-secret
My nginx config looks like this:
location / {
    proxy_pass http://192.168.1.17:8080;
    proxy_http_version 1.1;
    proxy_cache_bypass $http_upgrade;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_buffering off;
}
Hopefully I have provided enough information for somebody to help.
I downgraded to 10.0.2 and repeated the same steps.
This didn’t solve the problem and I got the same error.
So I think I configured something wrong, but I don’t know what.
I also tried using docker-compose; this was my docker-compose.yml file:
version: "3"
volumes:
  mysql_data:
    driver: local
services:
  mariadb:
    image: mariadb
    volumes:
      - mysql_data:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: root
      MYSQL_DATABASE: keycloak
      MYSQL_USER: keycloak
      MYSQL_PASSWORD: password
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "--silent"]
  keycloak:
    image: quay.io/keycloak/keycloak:latest
    ports:
      - 8080:8080
      - 8443:8443
    environment:
      DB_VENDOR: mariadb
      DB_ADDR: mariadb
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_PASSWORD: password
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: admin
      PROXY_ADDRESS_FORWARDING: "true"
      JGROUPS_DISCOVERY_PROTOCOL: JDBC_PING
      JGROUPS_DISCOVERY_PROPERTIES: datasource_jndi_name=java:jboss/datasources/KeycloakDS,info_writer_sleep_time=500
    depends_on:
      - mariadb
This also didn’t work.
This request returns a 400 code when performed by the frontend:
curl 'https://auth.castelnuovo.xyz/auth/realms/master/protocol/openid-connect/token' \
-H 'authority: auth.castelnuovo.xyz' \
-H 'user-agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Mobile Safari/537.36' \
-H 'dnt: 1' \
-H 'content-type: application/x-www-form-urlencoded' \
-H 'accept: */*' \
-H 'origin: https://auth.castelnuovo.xyz' \
-H 'sec-fetch-site: same-origin' \
-H 'sec-fetch-mode: cors' \
-H 'sec-fetch-dest: empty' \
-H 'referer: https://auth.castelnuovo.xyz/auth/admin/master/console/' \
-H 'accept-language: nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7,fy;q=0.6,la;q=0.5' \
-H 'cookie: AUTH_SESSION_ID=e5fcaf72-40ed-475d-9d76-c339ece9bf94.auth; AUTH_SESSION_ID_LEGACY=e5fcaf72-40ed-475d-9d76-c339ece9bf94.auth; KEYCLOAK_SESSION=master/78f86274-3ae1-41e8-8be4-c2f76ce6991a/e5fcaf72-40ed-475d-9d76-c339ece9bf94; KEYCLOAK_SESSION_LEGACY=master/78f86274-3ae1-41e8-8be4-c2f76ce6991a/e5fcaf72-40ed-475d-9d76-c339ece9bf94; KEYCLOAK_IDENTITY=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJmZTM1NGU5ZS04MDM1LTRkNjktYTEyNi04MmEzNTJiZGQxNzEifQ.eyJleHAiOjE1OTc2MjI3MTYsImlhdCI6MTU5NzU4NjcxNiwianRpIjoiYmQ4NDU4ZGMtOGUwOS00OTM4LThhYTctNzg0NTVmYmYxNjk4IiwiaXNzIjoiaHR0cHM6Ly9hdXRoLmNhc3RlbG51b3ZvLnh5ei9hdXRoL3JlYWxtcy9tYXN0ZXIiLCJzdWIiOiI3OGY4NjI3NC0zYWUxLTQxZTgtOGJlNC1jMmY3NmNlNjk5MWEiLCJ0eXAiOiJTZXJpYWxpemVkLUlEIiwic2Vzc2lvbl9zdGF0ZSI6ImU1ZmNhZjcyLTQwZWQtNDc1ZC05ZDc2LWMzMzllY2U5YmY5NCIsInN0YXRlX2NoZWNrZXIiOiJZZEdYdGtONll0VlcxTE41bGlUWl9fdHppaml1Wm5iUmw2eVhlQ01JNHlNIn0.DOC--UrBDIYoVoBf3GUyfwCjpq-gAbV3uYAoFUKivn4; KEYCLOAK_IDENTITY_LEGACY=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJmZTM1NGU5ZS04MDM1LTRkNjktYTEyNi04MmEzNTJiZGQxNzEifQ.eyJleHAiOjE1OTc2MjI3MTYsImlhdCI6MTU5NzU4NjcxNiwianRpIjoiYmQ4NDU4ZGMtOGUwOS00OTM4LThhYTctNzg0NTVmYmYxNjk4IiwiaXNzIjoiaHR0cHM6Ly9hdXRoLmNhc3RlbG51b3ZvLnh5ei9hdXRoL3JlYWxtcy9tYXN0ZXIiLCJzdWIiOiI3OGY4NjI3NC0zYWUxLTQxZTgtOGJlNC1jMmY3NmNlNjk5MWEiLCJ0eXAiOiJTZXJpYWxpemVkLUlEIiwic2Vzc2lvbl9zdGF0ZSI6ImU1ZmNhZjcyLTQwZWQtNDc1ZC05ZDc2LWMzMzllY2U5YmY5NCIsInN0YXRlX2NoZWNrZXIiOiJZZEdYdGtONll0VlcxTE41bGlUWl9fdHppaml1Wm5iUmw2eVhlQ01JNHlNIn0.DOC--UrBDIYoVoBf3GUyfwCjpq-gAbV3uYAoFUKivn4' \
--data-raw 'grant_type=refresh_token&refresh_token=undefined&client_id=security-admin-console' \
--compressed
The response is empty.
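Added example (not part of the original posts and not Keycloak code): a small Python triage script for the two artifacts posted above, the `org.keycloak.events` lines in server.log and the form body of the failing token request. It counts `REFRESH_TOKEN_ERROR` events per client and flags a `refresh_token` field that carries a placeholder such as the literal `undefined` seen in the curl command. The function names and sample log lines are constructed for illustration; the log layout is copied from the line in the post.

```python
import re
from collections import Counter
from urllib.parse import parse_qs

# Layout taken from the server.log line in the post:
# "<timestamp> WARN [org.keycloak.events] (<thread>) type=..., key=value, ..."
EVENT_RE = re.compile(r"\[org\.keycloak\.events\]\s+\([^)]*\)\s+(?P<fields>type=.*)$")

# Values a browser client sends when it has no token to send.
PLACEHOLDERS = {"", "undefined", "null"}

def parse_event(line):
    """Return the key=value fields of a Keycloak events line, or None."""
    m = EVENT_RE.search(line.strip())
    if not m:
        return None
    pairs = m.group("fields").split(", ")
    return dict(p.split("=", 1) for p in pairs if "=" in p)

def refresh_errors_by_client(lines):
    """Count REFRESH_TOKEN_ERROR events per (clientId, error)."""
    counts = Counter()
    for line in lines:
        ev = parse_event(line)
        if ev and ev.get("type") == "REFRESH_TOKEN_ERROR":
            counts[(ev.get("clientId"), ev.get("error"))] += 1
    return counts

def check_refresh_body(body):
    """Flag a refresh request whose token field is a placeholder string."""
    form = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    if form.get("grant_type") != "refresh_token":
        return []
    token = form.get("refresh_token", "")
    if token in PLACEHOLDERS:
        return ["refresh_token=%r is a placeholder, not a server-issued token" % token]
    return []

# Constructed sample input (documentation IP address, same layout as the post).
SAMPLE_LOG = [
    "2020-08-15 04:06:40,101 INFO [org.jboss.as] (Controller Boot Thread) server started",
    "2020-08-15 04:06:48,320 WARN [org.keycloak.events] (default task-3) type=REFRESH_TOKEN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=203.0.113.7, error=invalid_token, grant_type=refresh_token, client_auth_method=client-secret",
    "2020-08-15 04:06:49,512 WARN [org.keycloak.events] (default task-5) type=REFRESH_TOKEN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=203.0.113.7, error=invalid_token, grant_type=refresh_token, client_auth_method=client-secret",
]
SAMPLE_BODY = "grant_type=refresh_token&refresh_token=undefined&client_id=security-admin-console"

if __name__ == "__main__":
    print(dict(refresh_errors_by_client(SAMPLE_LOG)))
    print(check_refresh_body(SAMPLE_BODY))
```

A placeholder finding means the `invalid_token` events come from a request that never contained a token, so the earlier token response to the admin console is the step to inspect rather than token expiry.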
I am seeing the same thing with no luck on how to resolve this.