Keycloak 17 ports

382 views
Skip to first unread message

zakariae Lebriq

unread,
Mar 18, 2022, 7:28:10 AM3/18/22
to Keycloak User
Hello folk, 

I'm upgrading my keycloak from 15 to 17 version, I have  put this hostname config

KC_HOSTNAME=mylocal
KC_HOSTNAME_ADMIN=mylocal-admin
KC_HTTPS_PORT=5331

However, I have noticed that when I request the admin area mylocal-admin, the server always redirects me toward 443 instead of 5331, even if force the port in the url, it  loads js script on 443 port, which leads to an 404 error.  

Does anyone have an idea about how to force admin hostname to include the port properly

Do you know if can we define a specific port per area such us  
https://mylocal:5331 for the host  
https://mylocal:5332 for admin host

thanks

Dominik Guhr

unread,
Mar 18, 2022, 7:49:47 AM3/18/22
to zakariae Lebriq, Keycloak User
Hey, thanks for noticing. 

This is a known bug, and a fix is on the way to make it to the next keycloak version. Please stay tuned :) As a workaround for now, you could use KC_HOSTNAME_STRICT_HTTPS=false, so the hsotname is taken from the incoming request instead. 

Best regards,
Dominik

--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/855bd1f6-dab1-4c13-b2ba-cbd3a3c183a8n%40googlegroups.com.

zakariae Lebriq

unread,
Mar 18, 2022, 10:18:55 AM3/18/22
to Dominik Guhr, Keycloak User
Thanks dominik For  your reply

However, I applied the workaround but it doesn't seem to be working either.

Regards
--
Zakariae LEBRIQ

Thomas Darimont

unread,
Mar 18, 2022, 11:00:50 AM3/18/22
to zakariae Lebriq, Dominik Guhr, Keycloak User
Hello Zakariae,

try something like:
KC_SPI_HOSTNAME_DEFAULT_HOSTNAME=id.acme.test:8443

KC_SPI_HOSTNAME_DEFAULT_ADMIN=admin.acme.test:8443

Cheers,
Thomas

To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/CALmcS2JKssK5-o5KDg24AKUCnTt_ukDakj31tnPTsUqj%2B2dSVA%40mail.gmail.com.

zakariae Lebriq

unread,
Mar 18, 2022, 11:18:10 AM3/18/22
to Thomas Darimont, Dominik Guhr, Keycloak User
Hello Thomas, 

It's working this way but it's not it's a little bit dirty.  Anyway, thank you for your workaround.

I'll stay tuned for the next version, to check whether there was a clean way to do it
Regards
--
Zakariae LEBRIQ
Reply all
Reply to author
Forward
Message has been deleted
0 new messages