HOAB

History of a bug

Keycloak admin stuck on HTTP 204 because of port 443

Rédigé par gorki Aucun commentaire

Problem :

I use Keycloak 19.0.1 behind a proxy (nginx) and wasn't able to connect to the admin part of keycloak.

With a reverse proxy nginx and keycloak, login in admin console lead to be blocked on :

/realms/master/protocol/openid-connect/login-status-iframe.html/init?client_id=security-admin-console ....

With a 204 return code and no other errors. 

Solution :

I had to explore keycloak source code to find the cause ; This test failed in keycloak.js : if ((event.origin !== loginIframe.iframeOrigin) in keycloak.js

After a (lot of) time of search, it appears that it compares : https://mydomain/keycloak and https://mydomain:443/keycloak because I'd setup hostname-port to 443 in keycloak.config.

My keycloak configuration : 

hostname=mydomain  
proxy=reencrypt  
hostname-strict=false  
hostname-port=443  
hostname-path=keycloak  
http-relative-path=keycloak  
hostname-admin-url=https://mydomain/keycloak

So keycloak build his URL as follow : https://mydomain:443/

And the browser send : https://mydomain/ as 443 is a default port and not displayed in the URL.

By removing the port, it works perfectly : 

#hostname-port=443

I open a discussion to improve documentation here

 

Écrire un commentaire

Quelle est le quatrième caractère du mot qdvthlx ?

Fil RSS des commentaires de cet article