While migrating the existing web app to a new domain, we are getting a 500 Internal Server Error with the RedHat SSO service endpoint.

Hi All,

I have a web application hosted on RedHat OpenShift Dedicated (using AWS) which uses RedHat SSO v7.3 (using Keycloak build). Recently, we planned to migrate our web app to a new domain, but after the changes we are not able to access the RedHat SSO Administration console to do realm management; instead it's throwing a 500 Internal Server Error.

Current implementation:-

In RedHat OpenShift Dedicated (v4.10.40), we have two projects:

  1. RedHat SSO project (v7.3 using Keycloak build)
  2. Project having all application related services along with Keycloak service

Changes Made:-

To migrate the domain of the web app to the new one, the changes that I made were:-

  1. Created a new route for the UI client app service using the wildcard certificate of the new domain
  2. Updated the redirect SSO host URL with the new domain in the existing services under the application-related project
  3. Created a new route using the wildcard certificate for the new domain in the RedHat SSO project.
  4. Updated the KeyStore secrets in the SSO service, which were created using the wildcard certificate for the new domain in the RedHat SSO project.

Issue:-

After adding the new route and updating the KeyStore, I am not able to access the new RedHat SSO endpoint URL. But when I revert back to the old KeyStore and route, it starts working fine. I recently updated the certificate for the existing old domain to avoid expiry, and it completed successfully with the same change.
After making the changes for the new domain, the SSO service is not throwing any error in its SSO service pod logs, but the Keycloak service in the application project is giving “500 Internal Server Error”. When I debugged, I found that the error is being thrown when the Keycloak service is trying to fetch a token via a REST service call, providing realm info, to the new RedHat SSO host as per the new domain.

Please suggest what should be done so that the new RedHat SSO endpoint is available, so that we are able to see the RedHat SSO Administration console to do realm management and fetch a token via the Keycloak service, which would in turn resolve the 500 Internal Server Error being thrown currently.

Hi All,
Any input on this issue is highly appreciated.
Thanks in advance!