The account console presents "Failed to initialize keycloak" init request returns 403

Running 12.0.4 on eks cluster behind kong ingress. It actually works fine on docker, so it seems to be an ingress issue, i just don’t understand how :frowning:

When i request https://<domain>/auth/realms/test-realm/account/ i get a popup “Failed to initialize keycloak”


Looking at the network bar in firefox, this request is returning 403

I compared this against running the docker container (12.0.4) and this endpoint displays the account console page and DOESN’T require any login, so the 403 here is odd, since user-authentication isnt required.

I am also running keycloak with debug logging, but there isn’t anything useful coming from the logs.

Anyone else experiencing this?


Ok, the issue is with the web-origins. I believe something about the ingress and internal configurations must not be in sync because if I allow all web origins it works.

This setting is in the clients section of each realm. For my problem, this was in the “accounts-console” client:

It would be lovely to add some debug logs about this. It required a code-dive to figure this out… I might try to submit a PR for it, or at least get one of the devs to add it in. The code where this is checked is here: keycloak/ at f9d4f3c7c29dff4dec06b88d8acfa07a5356669f · keycloak/keycloak · GitHub


Life saver. For the life of me couldn’t figure it out. The DEBUG logs didn’t provide a guidance. Thank you.


It works for me. Thanks!! @bclouser

Note: Please make sure to update the account-console client in master realm, if you have other realms exist.

1 Like