Use authServerUrl instead of authUrl to initialize Keycloak Admin Client #18244

Closed
thomasdarimont opened this issue May 26, 2022 · 0 comments · Fixed by keycloak/keycloak-ui#2704
Labels
impact/high kind/bug Categorizes a PR related to a bug team/ui

Comments

thomasdarimont commented May 26, 2022

Describe the bug

If Keycloak is configured with a different admin-hostname (e.g. other than the frontend-hostname) for the admin-console, then the admin-console.v2 does not initialize correctly.

See: #12192

Version

18.0.0 / Main

Expected behavior

When using a dedicated admin-hostname then the admin-console.v2 should still work.

Actual behavior

Admin Console.V2 does not load correctly if different hostname settings are used.
See: #12192 (comment)

How to Reproduce?

 bin/kc.sh --verbose \
  start \
  --auto-build \
  --hostname=id.acme.test \
  --hostname-port=8443 \
  --hostname-strict=true \
  --hostname-strict-https=true \
  --hostname-strict-backchannel=true \
  --hostname-admin=admin.acme.test \
  --http-enabled=true \
  --http-relative-path="auth" \
  --proxy=edge \
  --https-certificate-file=./acme.test+1.pem \
  --https-certificate-key-file=./acme.test+1-key.pem \
  --spi-events-listener-jboss-logging-success-level=info \
  --spi-events-listener-jboss-logging-error-level=warn \
  --features=admin2

Anything else?

There is another bug in Keycloak which is fixed in #12192, which currently prevents users from easily configuring different hostnames for frontend and admin usage.

A fix for the admin-console.v2 bootstrap can be found here:
#12192 (comment)

@thomasdarimont thomasdarimont added kind/bug Categorizes a PR related to a bug status/triage labels May 26, 2022
thomasdarimont referenced this issue in thomasdarimont/keycloak-ui May 26, 2022
…2703)

Previously the admin-console did not initialize properly,
when users configured the admin-hostname different from the frontend-hostname.

E.g:
--hostname: id.acme.test
--hostname-admin: admin.acme.test

produces an `environment` like:
...
- `authUrl: https://admin.acme.test:8443/auth/...`
- `authServerUrl: https://id.acme.test:8443/auth/...`

Since `authUrl` was used, the admin-client tried to create a 3p-check-iframe from
`https://admin.acme.test:8443/auth/...` which is not allowed since only `https://id.acme.test:8443/auth/...` is allowed.

Using the `authServerUrl` ensures that the correct `IdP` url is used.

Fixes #2703

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
@ssilvert ssilvert transferred this issue from keycloak/keycloak-ui Mar 15, 2023
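
The origin mismatch described in the commit message, as an added example that is not part of the issue or of the Keycloak code base: it builds the check-iframe URL from each `environment` field and reports which one lands on the IdP origin. The function names, the realm `master`, the client id and the check-page path are assumptions made for this illustration.

```javascript
// Constructed sample mirroring the environment in the commit message.
// The page elides everything after /auth, so only the base URL is used.
const sampleEnvironment = {
  authUrl: "https://admin.acme.test:8443/auth",
  authServerUrl: "https://id.acme.test:8443/auth",
};

// Assumed location of the adapter's third-party-cookie check page under a realm.
const CHECK_PATH = "protocol/openid-connect/3p-cookies/step1.html";

// Hypothetical helper: URL of the check iframe for a given server base URL.
function checkIframeUrl(baseUrl, realm) {
  const base = baseUrl.endsWith("/") ? baseUrl : baseUrl + "/";
  return new URL(`realms/${encodeURIComponent(realm)}/${CHECK_PATH}`, base);
}

// Compare what the console would frame when bootstrapped from each field.
function auditEnvironment(env, realm) {
  if (!env.authServerUrl) throw new Error("environment has no authServerUrl");
  const idpOrigin = new URL(env.authServerUrl).origin;
  const report = { idpOrigin, splitHostnames: false, fields: {} };
  for (const field of ["authUrl", "authServerUrl"]) {
    if (!env[field]) continue;
    const iframe = checkIframeUrl(env[field], realm);
    report.fields[field] = {
      iframeUrl: iframe.href,
      matchesIdp: iframe.origin === idpOrigin,
    };
  }
  // True when at least one field would frame a page from a non-IdP origin.
  report.splitHostnames = Object.values(report.fields).some((f) => !f.matchesIdp);
  return report;
}

// Adapter config taken from the IdP URL, never from the admin URL.
function keycloakInitConfig(env, realm, clientId) {
  auditEnvironment(env, realm); // throws if authServerUrl is missing
  return { url: env.authServerUrl.replace(/\/+$/, ""), realm, clientId };
}

console.log(JSON.stringify(auditEnvironment(sampleEnvironment, "master"), null, 2));
```

With `--hostname` and `--hostname-admin` set to the same host, both fields match and `splitHostnames` is `false`, which is why the problem only shows up with a dedicated admin hostname.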