Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Blank admin console page in Keycloak 17.0.1
See original GitHub issueDescribe the bug
Having set the port to be 443 using
# Use port 443
https-port=443
in the config file, the initial Keycloak page loads, then click “Administration Console”, log in and then you are presented with a blank admin console page, with just the black header at the top.
This is not the case if port 443 is not specified. The initial page is reachable at keycloak.mydomain.com:8443, click admin console link, log in and admin console is ok.
Version
17.0.1
Expected behavior
Expect to see all the contents of the admin console as when using the default 8443 port.
Actual behavior
Everything below the header is empty. In addition, clicking on the user “Admin” in the top right of the header and attempting to go to Manage Account fails.
How to Reproduce?
You can pretty much follow these simple instructions and then move on to part 4 where port 443 is enabled: https://www.soundsessential.com/blog/214-keycloak-17-filemaker-installation-configuration-tutorial-part-3-preparing-keycloak-17
Note, do not add the port number to the hostname for 17.0.1 in the config file in part 3 above.
It’s pretty straightforward with MySQL, SSL, install Keycloak, set up config file (NOTE: NO PROXY IS SET UP), start Keycloak to test, shut it down, change port to 443, rebuild, reboot, start Keycloak, log in and error is encountered.
It’s built on Ubuntu 20.
Anything else?
I have also been seeing some errors generated when initially logging in, such as:
2022-04-02 14:54:45,722 WARN [org.keycloak.services] (executor-thread-0) KC-SERVICES0013: Failed authentication: java.lang.RuntimeException: java.io.IOException: Underlying input stream returned zero bytes
I need to test further to see if these issues are related but adding here in case this means more to someone in the know!
If any additional details or testing is needed, happy to help so feel free to ask.
Issue Analytics
- State:
- Created a year ago
- Reactions:2
- Comments:19 (3 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Hi @soundsessential thanks to your steps I was finally able to reproduce this problem.
It seems to have something to do with internal handling of standard ports and resteasy in the changes we made to the hostname provider, and for the special edge case for running without a proxy (there it works, as you have figured out by using proxy=edge). When we provide
443as https-port value, the port should be set internally to-1, which suggests to use the standard port (443 == standard). But it’s still set to 443, and this leads to the browser complaining as there’s a mismatch between expected and actual URL (with and without 443). I’ll provide a PR to fix this shortly, needs just a bit more testing here.Ok, so in the keycloak.conf file I enabled
This worked and the admin console rendered correctly. I then adjusted the value to this
This also worked and the admin console rendered as expected. Finally, just for testing I adjusted the value to this:
This failed with a start error of
2022-04-05 13:13:53,033 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Invalid value [randomtext] for configuration property [proxy].This last one is no doubt expected.
Mmm… Good question. I guess I could respond with why shouldn’t I run it without a proxy as it’s set up to and capable of running without a proxy. In my instance I wanted to limit the complexity of the deployment and while setting up Nginx may be a simple thing for most people reading this, having another piece added to the Keycloak puzzle I figured would add another barrier, point of friction or resistance to adoption within our community. The simpler we can make it, the greater the adoption of Keycloak will be. Many of our users are not native Linux, so getting them to spin up a Linux machine and deal with the command line is a win in itself!
All that said, thanks to everyone on the Keycloak X > 17 project because deployment (read adoption) is way way simpler! I can sell this concept way easier now.
So, back to the issue at hand - adding a proxy value results in Keycloak working correctly when there is no proxy. What to do about this? Is this something we should recommend to do in the installation process, if so what value should we recommend be added, or will there be a quick revision version issued where if the proxy value is commented out then Keycloak works as expected?
Many thanks and happy to test any further options.