Keycloak invalid redirect URI when deployed on openshift with https

1/9/2019

I tried deploying jboss/keycloak with PostgreSQL on OpenShift. When I enter the Keycloak username/password, I am using a secure route. It redirects me to a page that says: Invalid parameter: redirect_uri.

Environment variables on keycloak:

        - name: KEYCLOAK_USER
          value: admin
        - name: KEYCLOAK_PASSWORD
          value: admin
        - name: DB_VENDOR
          value: postgres
        - name: DB_PORT
          value: '5432'
        - name: DB_ADDR
          value: postgresql
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              key: database-password
              name: postgresql
        - name: DB_DATABASE
          valueFrom:
            secretKeyRef:
              key: database-name
              name: postgresql
        - name: DB_USER
          valueFrom:
            secretKeyRef:
              key: database-user
              name: postgresql

When I remove the secure route, it works fine. How can I get it to work over HTTPS as well?

-- Ayush Ojha
docker
kubernetes
openshift
postgresql
redhat

1 Answer

9/17/2019

I have Keycloak 7.0.0 Docker behind an SSL-terminating ingress proxy on Kubernetes.

If you are unable to log in the first time as administrator:

First, as described here, switch keycloak to http mode.

    update REALM set ssl_required = 'NONE' where id = 'master';

Second, put

    - name: KEYCLOAK_ALWAYS_HTTPS
      value: "true"

into your keycloak docker env.

After the first step you will get the "Invalid parameter: redirect_uri" error. The second step will fix that error and you will be able to log in as administrator.

Your ingress should forward the HTTP port only.

All env variables for keycloak:

    - name: KEYCLOAK_HOSTNAME
      value: "your.keycloak.host"
    - name: KEYCLOAK_ALWAYS_HTTPS
      value: "true"
    - name: KEYCLOAK_USER
      value: "admin"
    - name: KEYCLOAK_PASSWORD
      value: "password"
    - name: PROXY_ADDRESS_FORWARDING
      value: "true"

    - name: DB_VENDOR
      value: postgres
    - name: DB_ADDR
      value: <host>
    - name: DB_DATABASE
      value: keycloak
    - name: DB_USER
      value: keycloak
    - name: DB_PASSWORD
      value: keycloak
-- Nataraj
Source: StackOverflow
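
One way to check whether Keycloak behind the route or ingress reports the external HTTPS origin is to audit the realm's OpenID Connect discovery document for endpoints that still use `http://` or an internal host. This is an added example, not code from the question or the answer; the function names and both sample documents are constructed, and it assumes the discovery document reflects the scheme and host Keycloak derives for itself.

```python
from urllib.parse import urlsplit

def _origin(url):
    """Return (scheme, host, port) with default ports filled in."""
    parts = urlsplit(url)
    default = {"http": 80, "https": 443}.get(parts.scheme)
    return parts.scheme, (parts.hostname or "").lower(), parts.port or default

def audit_discovery(doc, external_url):
    """List (field, url, problem) for every endpoint that does not use the
    external HTTPS origin that browsers reach through the proxy."""
    want = _origin(external_url)
    findings = []

    def walk(path, value):
        if isinstance(value, dict):
            for key, item in value.items():
                walk(f"{path}.{key}" if path else key, item)
        elif isinstance(value, list):
            for i, item in enumerate(value):
                walk(f"{path}[{i}]", item)
        elif isinstance(value, str) and value.startswith(("http://", "https://")):
            got = _origin(value)
            if got[0] != "https":
                findings.append((path, value, "plain-http URL"))
            elif got != want:
                findings.append((path, value, "origin differs from external URL"))

    walk("", doc)
    return findings

# Constructed sample: a realm advertising http:// because the forwarded scheme is ignored.
BROKEN = {
    "issuer": "http://your.keycloak.host/auth/realms/master",
    "authorization_endpoint": "http://your.keycloak.host/auth/realms/master/protocol/openid-connect/auth",
    "response_types_supported": ["code", "id_token"],
}
# Constructed sample: the same realm once scheme and host are reported correctly.
FIXED = {
    "issuer": "https://your.keycloak.host/auth/realms/master",
    "authorization_endpoint": "https://your.keycloak.host:443/auth/realms/master/protocol/openid-connect/auth",
    "response_types_supported": ["code", "id_token"],
}

if __name__ == "__main__":
    for name, doc in (("broken", BROKEN), ("fixed", FIXED)):
        for field, url, problem in audit_discovery(doc, "https://your.keycloak.host"):
            print(f"{name}: {field}: {problem}: {url}")
```

On the jboss/keycloak image the document to feed in is served at `/auth/realms/<realm>/.well-known/openid-configuration`; fetch it through the external route so the proxy's forwarded headers are part of the request.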