Hello,
I installed the container as described here on the docker hub page for jboss/keycloak (new user, only two links, sorry)
I have this directory architecture:
.
├── container
│   ├── 01-consul-agent.sh
│   └── Dockerfile
└── docker-compose.yml
The relevant files regarding conf / deployment:
./docker-compose.yml: https://hastebin.com/uvehaliwab.xml
./container/Dockerfile:
FROM jboss/keycloak
ADD 01-consul-agent.sh /opt/jboss/startup-scripts/
USER root
RUN microdnf install net-tools bind-utils iputils curl unzip
RUN chmod +x /opt/jboss/startup-scripts/01-consul-agent.sh
USER jboss
Keycloak is served behind an nginx proxy. I can attach the configuration if needed.
I am experimenting with keycloak to see if it fits our needs. I have configured multiple OIDC clients and everything was working so far.
When I got around to trying adding group policies, I stumbled upon an error.
I can access the policy creation form (let's say: https:/ /keycloak.int.<FQDN>/auth/admin/master/console/#/realms/public/clients/<XXXXXXXXXXX>/authz/resource-server/policy/group/create), but when I type a name in the mandatory “Name” field and try to go out of it, I get redirected to https:/ /keycloak.int.<FQDN>/auth/admin/master/console/#/notfound.
On this page, in the console I get:
Possibly unhandled rejection: {"data":{"error":"HTTP 404 Not Found"},"status":404,"config":{"method":"GET","transformRequest":[null,null],"transformResponse":[null],"jsonpCallbackParam":"callback","url":"https:/ /keycloak.int.<FQDN>/auth/admin/realms/public/clients/<XXXXXXXXXXX>/authz/resource-server/policy/search","params":{"name":"ert"},"headers":{"Accept":"application/json, text/plain, */*","Authorization":"Bearer <BEARER_TOKEN>"}},"statusText":"Not Found","xhrStatus":"complete","resource":{}}
And when I go to https:/ /keycloak.int.<FQDN>/auth/admin/realms/public/clients/<XXXXXXXXXXX>/authz/resource-server/policy/search manually to investigate, I get a 401 with the following message:
We are sorry... An internal server error has occurred
The debug info at that time from docker-compose logs is: https://hastebin.com/xuvenopiqa.cs
The only relevant information I might see would be No collections were found in result set for role: org.keycloak.authorization.jpa.entities.PolicyEntity.associatedPolicies
But to be honest I have little to no clues and am a bit lost as to what to investigate next in order to fix the problem.
Thank you in advance for any help provided and sorry for the long post.
Edit: formatting problem