Running 12.0.4 on an EKS cluster behind Kong ingress. It actually works fine on Docker, so it seems to be an ingress issue; I just don’t understand how.
When I request https://<domain>/auth/realms/test-realm/account/ I get a popup “Failed to initialize keycloak”.
Looking at the network bar in Firefox, this request is returning 403: https://<domain>/auth/realms/test-realm/protocol/openid-connect/login-status-iframe.html/init?client_id=account-console&origin=https://<domain>
I compared this against running the Docker container (12.0.4) and this endpoint displays the account console page and DOESN’T require any login, so the 403 here is odd, since user authentication isn’t required.
I am also running Keycloak with debug logging, but there isn’t anything useful coming from the logs.
Ok, the issue is with the web-origins. I believe something about the ingress and internal configurations must not be in sync because if I allow all web origins it works.
This setting is in the clients section of each realm. For my problem, this was in the “accounts-console” client:
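An added example, not part of the original posts or of Keycloak's code: a sketch that audits a realm export for the Web Origins setting discussed above, flagging clients left on the allow-all `*` workaround and clients whose list does not include the origin browsers actually use behind the ingress. The realm JSON and hostnames are constructed, and the model covers only the explicit list, `*`, and `+` (origins taken from Valid Redirect URIs); it does not model any origin Keycloak derives from the request itself.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the shape of a realm export (clients[].webOrigins / redirectUris).
SAMPLE_REALM = json.loads("""
{"realm": "test-realm", "clients": [
  {"clientId": "account-console",
   "redirectUris": ["/realms/test-realm/account/*"], "webOrigins": ["*"]},
  {"clientId": "portal",
   "redirectUris": ["https://portal.example.test/cb/*"], "webOrigins": ["+"]},
  {"clientId": "legacy",
   "redirectUris": ["http://keycloak:8080/*"], "webOrigins": ["http://keycloak:8080"]}
]}
""")

def origin_of(url):
    """Return scheme://host[:port] for an absolute URL, or None for a relative one."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" if parts.scheme and parts.netloc else None

def effective_origins(client):
    """Expand '+' into the origins of the client's absolute redirect URIs."""
    origins = set(client.get("webOrigins", []))
    if "+" in origins:
        origins.discard("+")
        origins |= {o for o in map(origin_of, client.get("redirectUris", [])) if o}
    return origins

def audit(realm, public_origin):
    """Classify each client: 'wildcard' (any origin accepted), 'ok', or 'mismatch'."""
    report = {}
    for client in realm.get("clients", []):
        origins = effective_origins(client)
        if "*" in origins:
            status = "wildcard"      # the allow-all workaround is still in place
        elif public_origin in origins:
            status = "ok"            # the externally visible origin is listed
        else:
            status = "mismatch"      # only internal or other origins are listed
        report[client["clientId"]] = status
    return report

if __name__ == "__main__":
    # public_origin is the scheme://host the browser sees through the ingress (assumed value).
    for client_id, status in audit(SAMPLE_REALM, "https://portal.example.test").items():
        print(f"{client_id}: {status}")
```

A `wildcard` result marks a client to narrow to the real external origin once the proxy configuration is sorted out; a `mismatch` result is the kind of ingress/internal disagreement described in the post above.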
I am new to Keycloak and struggling with the same “failed to initialize keycloak” issue as others. But the workaround described here (“update the account-console client in master realm”) fails in my case. It is not possible to edit account-console settings on the master realm, as even this link is replied with “https://login.netzwissen.de/admin/master/console/#/notfound” (404).
My setup:
Keycloak 18.0.0, Quarkus, single instance on an Ubuntu 20.04 LXC container
HAProxy as a central SSL accelerator forwards the requests to Java/Keycloak on port 8080
config with proxy=edge
Is there any other way to fix this issue? As far as I understand from different readings, the root cause of the issue is not really solved yet… - is this correct? If I can help debugging this, let me know …
In the meantime I upgraded to keycloak 19. The solution was simply a permission change - originally all was root:root. I now use the following setup, as the keycloak JRE is started with User=keycloak from systemd.
drwxr-xr-x 3 keycloak root 4096 Jul 29 11:07 bin
drwxr-xr-x 2 keycloak root 4096 Aug 26 11:02 conf
drwxr-xr-x 4 keycloak root 4096 Aug 26 10:09 data
drwxr-xr-x 5 keycloak root 4096 Jul 29 11:07 lib
drwxr-xr-x 2 keycloak root 4096 Aug 26 16:07 providers
drwxr-xr-x 3 keycloak root 4096 Aug 27 11:50 themes
And for /data/tmp
drwxr-xr-x 3 keycloak keycloak 4096 Aug 26 10:09 tmp