Running 12.0.4 on eks cluster behind kong ingress. It actually works fine on docker, so it seems to be an ingress issue, i just don’t understand how
When i request
https://<domain>/auth/realms/test-realm/account/ i get a popup “Failed to initialize keycloak”
Looking at the network bar in firefox, this request is returning 403
I compared this against running the docker container (12.0.4) and this endpoint displays the account console page and DOESN’T require any login, so the 403 here is odd, since user-authentication isnt required.
I am also running keycloak with debug logging, but there isn’t anything useful coming from the logs.
Anyone else experiencing this?
Ok, the issue is with the web-origins. I believe something about the ingress and internal configurations must not be in sync because if I allow all web origins it works.
This setting is in the clients section of each realm. For my problem, this was in the “accounts-console” client:
It would be lovely to add some debug logs about this. It required a code-dive to figure this out… I might try to submit a PR for it, or at least get one of the devs to add it in. The code where this is checked is here: keycloak/LoginStatusIframeEndpoint.java at f9d4f3c7c29dff4dec06b88d8acfa07a5356669f · keycloak/keycloak · GitHub
Life saver. For the life of me couldn’t figure it out. The DEBUG logs didn’t provide a guidance. Thank you.
It works for me. Thanks!! @bclouser
Note: Please make sure to update the
account-console client in
master realm, if you have other realms exist.