Can't access Admin Console when using reverse proxy #11550

eucleciojosias · 2022-04-20T19:27:00Z

eucleciojosias
Apr 20, 2022

My Dockerfile:

FROM quay.io/keycloak/keycloak:nightly as builder

ENV KC_FEATURES=authorization,account2,account-api,admin-fine-grained-authz,admin2,docker,impersonation,token-exchange,client-policies,declarative-user-profile,dynamic-scopes,preview
ENV KC_DB=postgres

RUN /opt/keycloak/bin/kc.sh build

FROM quay.io/keycloak/keycloak:nightly

COPY --from=builder /opt/keycloak/lib/quarkus/ /opt/keycloak/lib/quarkus/

WORKDIR /opt/keycloak

ARG KEYCLOAK_ADMIN
ARG KEYCLOAK_ADMIN_PASSWORD
ARG KC_DB_URL
ARG KC_DB_USERNAME
ARG KC_DB_PASSWORD
ARG KC_LOG_LEVEL

ENV KEYCLOAK_ADMIN=$KEYCLOAK_ADMIN
ENV KEYCLOAK_ADMIN_PASSWORD=$KEYCLOAK_ADMIN_PASSWORD
ENV KC_DB_URL=$KC_DB_URL
ENV KC_DB_USERNAME=$KC_DB_USERNAME
ENV KC_DB_PASSWORD=$KC_DB_PASSWORD
ENV KC_LOG_LEVEL=$KC_LOG_LEVEL

ENV KC_PROXY=edge
ENV KC_HOSTNAME=keycloak.betrybe.dev

ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]

I tried so many approaches, but a just can't access the admin console.

I access https://my.domain.dev then I click in Administration Console that goes to https://my.domain.dev/admin/master/console/ with a loading Loading the admin console, then show up a js alert with a message failed to initialize keycloak the it's redirected to a error page with the URL:
https://my.domain.dev/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=https%3A%2F%2Fmy.domain.dev%2Fadmin%2Fmaster%2Fconsole%2F%23%2F&state={}&response_mode=fragment&response_type=code&scope=openid&nonce={}&code_challenge={}&code_challenge_method=S256

With the error invalid_url in the image below

Paul6552 · 2022-04-24T15:21:48Z

Paul6552
Apr 24, 2022

Had the same problem: [https://keycloak.discourse.group/t/migration-from-docker-15-to-17-0-1/14878/2](Migration from 15 to 17)

I think you are missing two properties: hostname-strict: false and hostname-strict-https=false

0 replies

chinnayya-nalla · 2022-06-03T16:15:45Z

chinnayya-nalla
Jun 3, 2022

@eucleciojosias could please let me know how you have fixed this problem ? i am facing the same issue

0 replies

patelke1 · 2022-06-03T20:04:08Z

patelke1
Jun 3, 2022

Having a similar problem with no reverse proxy. Just accessing with a different name and when I click on Admin Console, get the same message. Tried hostname-strict=false and did not work. Anyone have any other suggestions.

1 reply

jrivers96 Jun 15, 2022

I think 18.0.1 has a fix for this. I'm waiting on the solution as well.

I think they add a new environment variable.

name: KC_SPI_HOSTNAME_DEFAULT_ADMIN
value: "keycloak.admin.dev.yourhostname.com"

XcrigX · 2022-06-16T14:27:15Z

XcrigX
Jun 16, 2022

Not sure if this is anyone's problem here - but see the last post here:
#12466

It seems that they logon dialog for the admin uses the public hostname even when accessing keycloak using a private hostname - or at least it does with the various configuration settings I am using.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Can't access Admin Console when using reverse proxy #11550

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 4 comments 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Can't access Admin Console when using reverse proxy #11550

Uh oh!

Uh oh!

eucleciojosias Apr 20, 2022

Replies: 4 comments · 1 reply

Uh oh!

Paul6552 Apr 24, 2022

Uh oh!

chinnayya-nalla Jun 3, 2022

Uh oh!

patelke1 Jun 3, 2022

Uh oh!

jrivers96 Jun 15, 2022

Uh oh!

XcrigX Jun 16, 2022

eucleciojosias
Apr 20, 2022

Replies: 4 comments 1 reply

Paul6552
Apr 24, 2022

chinnayya-nalla
Jun 3, 2022

patelke1
Jun 3, 2022

XcrigX
Jun 16, 2022