Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

keycloak 25 version doesnot work when i am calling its service name - codecentric keycloak helm charts #795

Open
Ajmalkhan7 opened this issue Sep 10, 2024 · 1 comment
Open

keycloak 25 version doesnot work when i am calling its service name - codecentric keycloak helm charts #795

Ajmalkhan7 opened this issue Sep 10, 2024 · 1 comment
Labels
Stale

Comments

@Ajmalkhan7
Copy link

when I am calling keycloak from another test pod using keycloak service name its redirecting to ingress domain.

wget from test pod respose:

wget keycloakx-http.sso:80/auth
--2024-09-10 07:13:01-- http://keycloakx-http.sso/auth
Resolving keycloakx-http.sso (keycloakx-http.sso)...
Connecting to keycloakx-http.sso (keycloakx-http.sso)||:80... connected.
HTTP request sent, awaiting response... 303 See Other
Location: http://keycloakx-http.sso/auth/ [following]
--2024-09-10 07:13:01-- http://keycloakx-http.sso/auth/
Reusing existing connection to keycloakx-http.sso:80.
HTTP request sent, awaiting response... 302 Found
Location: http://keycloak.company.com/auth/admin/ [following]
--2024-09-10 07:13:01-- http://keycloak.company.com/auth/admin/

when i am calling api to retrive token from keycloak, I am not sure if following error happens because of this

Couldn't retrieve remote JWK set: org.springframework.web.client.ResourceAccessException: I/O error on GET request for ...
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

My helm charts values.yaml

command:

  • "/opt/keycloak/bin/kc.sh"
  • "start"
  • "--spi-events-listener-jboss-logging-success-level=info"
  • "--spi-events-listener-jboss-logging-error-level=warn"

extraEnv: |

  • name: KEYCLOAK_ADMIN
    value: admin
  • name: KEYCLOAK_ADMIN_PASSWORD
    value: admin
  • name: JAVA_OPTS_APPEND
    value: >-
    -Djgroups.dns.query={{ include "keycloak.fullname" . }}-headless
    -Dkeycloak.hostname=keycloak.company.com
    -Dkeycloak.proxy=forward
  • name: KC_HOSTNAME_STRICT
    value: "false"
  • name: KC_HTTP_RELATIVE_PATH
    value: "/auth"
  • name: KC_CACHE_STACK
    value: kubernetes
  • name: KC_PROXY
    value: edge
  • name: HTTP_ADDRESS_FORWARDING
    value: "true"
  • name: KC_HOSTNAME
    value: keycloak.company.com
  • name: KC_HEALTH_ENABLED
    value: "true"
  • name: KC_HTTP_ENABLED # SSL termnites at reverser proxy, need this enabled.
    value: "true"
  • name: KC_HOSTNAME_STRICT_HTTPS # SSL termnites at reverser proxy, need this disabled.
    value: "true"
  • name: KC_SPI_HOSTNAME_DEFAULT_ADMIN
    value: "keycloak.company.com"
  • name: PROXY_ADDRESS_FORWARDING
    value: "true"
  • name: KEYCLOAK_PRODUCTION
    value: "true"
  • name: KC_PROXY_HEADERS
    value: "xforwarded"

kindly help me resolve this issue.
@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 9, 2024

This issue has been marked as stale because it has been open for 30 days with no activity. It will be automatically closed in 10 days if no further activity occurs.

@github-actions github-actions bot added the Stale label Nov 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Ajmalkhan7