keycloak-quickstarts
Using "/auth" in the examples while it does not work on keycloak 18
Describe the bug
Remove `/auth` from source code and documentation since it does not work (out of the box) on Keycloak 18.
Noticed at least here (I haven't checked other places): `KeycloakConfigResolver` in `app-authz-springboot-multitenancy`, where the line
```java
config.setAuthServerUrl("http://localhost:8180/auth");
```
shall be replaced with
```java
config.setAuthServerUrl("http://localhost:8180");
```
Dockerfile used to run keycloak:
```yaml
services:
  keycloak:
    image: quay.io/keycloak/keycloak:18.0.0
    hostname: keycloak
    container_name: keycloak_18.0.0
    ports:
      - 8180:8080
    environment:
      DB_VENDOR: h2
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
      JAVA_OPTS_APPEND: -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled
    volumes:
      - ./config:/opt/keycloak/data/import
    entrypoint: ["/opt/keycloak/bin/kc.sh", "start-dev", "--import-realm"]
```
Version
18
Expected behavior
The example `app-authz-springboot-multitenancy` should work out of the box, without the need to check why an exception is thrown.
Actual behavior
Trying to invoke URLs from `app-authz-springboot-multitenancy` leads to an exception because Keycloak tries to load the config from http://localhost:8180/auth/realms/realm-a/.well-known/openid-configuration
while the actually working URL should be http://localhost:8180/realms/realm-a/.well-known/openid-configuration
How to Reproduce?
- create file `docker-compose.yaml` at folder `app-authz-springboot-multitenancy` with the content as follows:
  ```yaml
  services:
    keycloak:
      image: quay.io/keycloak/keycloak:18.0.0
      hostname: keycloak
      container_name: keycloak_18.0.0
      ports:
        - 8180:8080
      environment:
        DB_VENDOR: h2
        KEYCLOAK_ADMIN: admin
        KEYCLOAK_ADMIN_PASSWORD: admin
        JAVA_OPTS_APPEND: -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled
      volumes:
        - ./config:/opt/keycloak/data/import
      entrypoint: ["/opt/keycloak/bin/kc.sh", "start-dev", "--import-realm"]
  ```
- `docker-compose up`
- run application `app-authz-springboot-multitenancy`
- try to open `http://localhost:8080/realm-a` in browser
Anything else?
All samples and docs shall be reviewed for having `/auth` in the URL.
Try to add the `--http-relative-path /auth` parameter to the start.
This works for me:
```bash
docker run --name keycloak -p 8180:8180 \
  -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin \
  quay.io/keycloak/keycloak:latest \
  start-dev \
  --http-port 8180 \
  --http-relative-path /auth
```
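
Added example, not part of this thread or of the quickstart's code: a check that finds which base URL (with or without `/auth`) serves the realm's OpenID Connect discovery document and confirms that the `issuer` it reports matches that URL, which gives the value to pass to `setAuthServerUrl`. The function names and the `fake_keycloak` stand-in are hypothetical, and the check assumes the server reports an issuer equal to the URL it is reached on.

```python
import json
import urllib.request

WELL_KNOWN = "/.well-known/openid-configuration"
# "" is the Keycloak 18 default from the issue; "/auth" is the path the
# quickstart hard-codes and that --http-relative-path /auth restores.
CANDIDATE_PATHS = ("", "/auth")


def discovery_url(base, realm, relative_path=""):
    """Build the realm's OIDC discovery URL under an optional relative path."""
    rel = relative_path.strip("/")
    prefix = base.rstrip("/") + ("/" + rel if rel else "")
    return f"{prefix}/realms/{realm}{WELL_KNOWN}"


def http_get_json(url, timeout=5):
    """Fetch and parse JSON; None on any network, HTTP or parse failure."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return json.load(resp)
    except (OSError, ValueError):
        return None


def resolve_auth_server_url(base, realm, fetch=http_get_json):
    """Return the base URL whose discovery document exists and whose
    issuer matches the URL it was fetched from, or None."""
    for rel in CANDIDATE_PATHS:
        url = discovery_url(base, realm, rel)
        doc = fetch(url)
        expected_issuer = url[: -len(WELL_KNOWN)]
        if isinstance(doc, dict) and doc.get("issuer") == expected_issuer:
            return expected_issuer[: -len(f"/realms/{realm}")]
    return None


def fake_keycloak(base, realm, relative_path):
    """Constructed stand-in for a server that answers only under relative_path."""
    served = discovery_url(base, realm, relative_path)
    return lambda url: {"issuer": served[: -len(WELL_KNOWN)]} if url == served else None


if __name__ == "__main__":
    base, realm = "http://localhost:8180", "realm-a"
    for path in CANDIDATE_PATHS:  # offline run against the constructed servers
        print(repr(path), "->", resolve_auth_server_url(base, realm, fake_keycloak(base, realm, path)))
```

Calling `resolve_auth_server_url("http://localhost:8180", "realm-a")` without the `fetch` argument queries the running container instead of the constructed stand-in.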