Skip to content
This repository has been archived by the owner on Jan 29, 2024. It is now read-only.

forceBackendUrlToFrontendUrl #409

Closed
rgherta opened this issue Jun 13, 2022 · 3 comments
Closed

forceBackendUrlToFrontendUrl #409

rgherta opened this issue Jun 13, 2022 · 3 comments
Labels
kind/feature status/triage

Comments

@rgherta
Copy link

rgherta commented Jun 13, 2022

Description

In order to separate frontend form backend we need

/subsystem=keycloak-server/spi=hostname/provider=default:write-attribute(name=properties.forceBackendUrlToFrontendUrl,value=false)

Otherwise accessing the adminUrl set by "KEYCLOAK_ADMIN_URL=https://myprivatekeycloak:8443/auth/" will result in a redirect to frontend

Is there an env for "forceBackendUrlToFrontendUrl" ?
Can you advise please?

Discussion

No response

Motivation

No response

Details

No response
@rgherta
Copy link
Author

rgherta commented Jun 13, 2022
edited
Loading

Actually I just checked the standalone-ha.xml and this property is set by default to false

sh-4.4$ cat standalone/configuration/standalone-ha.xml | grep forceBackendUrlToFrontendUrl
                        <property name="forceBackendUrlToFrontendUrl" value="false"/>

So why accessing in the browser https://admin.keycloak:8443 is ending up fetching this url

https://admin.keycloak:8443/auth/frontend.keycloak/admin/

My config is the following

podman run -p 8443:8443 --name keycloak1 --net keycloak-network --user 1000 -v /home/rocky/keycloak/certs/:/etc/x509/https:Z,U -e KEYCLOAK_FRONTEND_URL=frontend.keycloak -e KEYCLOAK_ADMIN_URL=https://admin.keycloak:8443/auth/  -e PROXY_ADDRESS_FORWARDING=true -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -e DB_USER=keycloak -e DB_PASSWORD=secret quay.io/keycloak/keycloak:18.0.0-legacy

@rgherta
Copy link
Author

rgherta commented Jun 15, 2022

An update on this problem: my goal was to set frontendUrl and adminUrl using the legacy container image

The solution is to mount wildfly cli scripts in /opt/jboss/startup-scripts/ that alter standalone-ha.xml

The scripts must be mounted like described here
https://github.com/keycloak/keycloak-containers/blob/main/server/README.md

A few sample scripts that set the required parameters can be found here
https://github.com/PacktPublishing/Keycloak-Identity-and-Access-Management-for-Modern-Applications/tree/master/ch9

@rgherta rgherta mentioned this issue Jun 15, 2022
Closed
@stianst
Copy link
Contributor

stianst commented Oct 24, 2022

With Keycloak 20 the WildFly based distribution is no longer supported. For the newer Quarkus distribution of Keycloak, check out the new documentation, or the updated container sources.

@stianst stianst closed this as not planned Won't fix, can't repro, duplicate, stale Oct 24, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
kind/feature status/triage
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

adminUrl rgherta/keycloak-containers
2 participants
@stianst @rgherta