Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bitnami/keycloak] KC_HOSTNAME_ADMIN_URL seems incorrect in proxy=edge #27315

Closed
singhbaljit opened this issue Jun 17, 2024 · 4 comments · Fixed by #27436
Closed

[bitnami/keycloak] KC_HOSTNAME_ADMIN_URL seems incorrect in proxy=edge #27315

singhbaljit opened this issue Jun 17, 2024 · 4 comments · Fixed by #27436
Assignees
@carrodher
Labels
keycloak solved tech-issues The user has a technical issue about an application triage Triage is needed

Comments

@singhbaljit
Copy link
Contributor

singhbaljit commented Jun 17, 2024
edited
Loading

Name and Version

bitnami/keycloak

What architecture are you using?

amd64

What steps will reproduce the bug?

  1. Deploy Keycloak chart with proxy mode edge.
  2. Enable ingress (and TLS termination) with nginx (could be any ingress controller)
  3. Go to admin page, and click on the Administration Console
  4. Get an error that the redirect_uri is incorrect.

Are you using any custom parameters or values?

proxy: edge

ingress.enabled: true
ingress.ingressClassName: ngnix
ingress.hostname: "auth.something.com"

adminIngress.enabled: true
adminIngress.ingressClassName: ngnix
adminIngress.hostname: "admin.something.com"

What is the expected behavior?

It should take you to the login page correctly. However, it does not because the KC_HOSTNAME_ADMIN_URL value uses http, where as the redirect_uri (correctly) has the https.

What do you see instead?

Error that the redirect_uri is incorrect for admin console.

Additional information

The issue is here:

            - name: KC_HOSTNAME_ADMIN_URL
              value: "http{{ if .Values.adminIngress.tls }}s{{ end }}://{{ include "common.tplvalues.render" (dict "value" .Values.adminIngress.hostname "context" $) }}"

It switches to HTTPS only when the TLS is enabled. It should also be HTTPS in edge proxy mode.

There are some related issues that may impact this issue as well, namely #25963 and #26175.
@singhbaljit singhbaljit added the tech-issues The user has a technical issue about an application label Jun 17, 2024
@github-actions github-actions bot added the triage Triage is needed label Jun 17, 2024
@singhbaljit
Copy link
Contributor Author

I suppose this is also the case for KC_HOSTNAME_URL

            - name: KC_HOSTNAME_URL
              value: "http{{ if .Values.adminIngress.tls }}s{{ end }}://{{ include "common.tplvalues.render" (dict "value" .Values.adminIngress.hostname "context" $) }}"

@singhbaljit
Copy link
Contributor Author

I just realized this was recently added in #25386.

@carrodher
Copy link
Member

Thank you for bringing this issue to our attention. We appreciate your involvement! If you're interested in contributing a solution, we welcome you to create a pull request. The Bitnami team is excited to review your submission and offer feedback. You can find the contributing guidelines here.

Your contribution will greatly benefit the community. Feel free to reach out if you have any questions or need assistance.

@singhbaljit singhbaljit changed the title KC_HOSTNAME_ADMIN_URL seems incorrect in proxy=edge [bitnami/keycloak] KC_HOSTNAME_ADMIN_URL seems incorrect in proxy=edge Jun 18, 2024
@singhbaljit singhbaljit mentioned this issue Jun 18, 2024
Merged
4 tasks
@singhbaljit
Copy link
Contributor Author

@carrodher please have a look at #27436.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@carrodher carrodher

Labels
keycloak solved tech-issues The user has a technical issue about an application triage Triage is needed
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[bitnami/keycloak] fix Keycloak HTTP schema for edge proxy mode singhbaljit/bitnami-charts
2 participants
@carrodher @singhbaljit