Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Installed Apicurio Studio via Helm Chart getting redirect_uri issue #1914

Closed
anshulgargamway opened this issue Jun 1, 2022 · 2 comments
Closed

Installed Apicurio Studio via Helm Chart getting redirect_uri issue #1914

anshulgargamway opened this issue Jun 1, 2022 · 2 comments

Comments

@anshulgargamway
Copy link

anshulgargamway commented Jun 1, 2022
edited

Hello Team,

Recently I have installed Apicurio Studio using helm chart https://github.com/Apicurio/apicurio-studio/tree/master/distro/helm
Now, Apicurio Studio is installed successfuly but when I am trying to access the URL of apicurio studio it is redirecting to below URL

https://keyclock.xx.xx.net/auth/realms/apicurio/protocol/openid-connect/auth?response_type=code&client_id=apicurio-studio&redirect_uri=http%3A%2F%2F.xx.xx.net%2F&state=0a7ccfad-b813-4333-82fc-b415ba92f57d&login=true&scope=openid

If you notice in above URL it is getting redirected to http instead of https due to which we are getting following exception

2022-06-01 10:54:14,038 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-1) failed to turn code into token 2022-06-01 10:54:14,039 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-1) status from server: 400 2022-06-01 10:54:14,040 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-1) {"error":"invalid_grant","error_description":"Incorrect redirect_uri"

Now, we are using keycloak version 14.0.0 which is different from what is suggested in document https://apicurio-studio.readme.io/docs/setting-up-keycloak-for-use-with-apicurio
Can this be a problem.

Not sure if this is configuration issue in realm. I have used the exact realm mentioned in the above doc.

Extra Info
The above keycloak version is installed as part of microcks setup we have followed following helm chart for same and this works alright https://artifacthub.io/packages/helm/microcks/microcks

So, definately this is not the case as mentioned in https://stackoverflow.com/questions/32084604/why-is-keycloak-removing-the-ssl-in-the-redirect-uri
Even I have tried configuring above on keycloak env variable ! But no luck.

Any help over here will be great.

cc: @EricWittmann
@anshulgargamway
Copy link
Author

anshulgargamway commented Jun 2, 2022
edited

Hello Team,

I got this fixed.
Solution for same is I have created virtual-service and added following

 headers:
        request:
          set:
            x-forwarded-port: "443"
            x-forwarded-proto: https

Complete VirtualService.yaml for same.


kind: VirtualService
apiVersion: networking.istio.io/v1alpha3
metadata:
  name: apicurio-studio-ui
spec:
  hosts:      # which incoming host are we applying the proxy rules to???
    - "apicurio.preprod01.**"
  gateways:
    - apicurio-gateway
  http:
    - route:
        - destination:
            host: apicurio-studio-ui
            subset: original
      headers:
        request:
          set:
            x-forwarded-port: "443"
            x-forwarded-proto: https

---

kind: DestinationRule
apiVersion: networking.istio.io/v1alpha3
metadata:
  name: apicurio-studio-ui
spec:
  host: apicurio-studio-ui
  subsets:
    - labels:
        module: apicurio-studio-ui
      name: original

@EricWittmann
Copy link
Member

Thank you for the initial report and then the self-fix for this issue, @anshulgargamway !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@EricWittmann @anshulgargamway