Charts: Keycloak Invalid parameter: redirect_uri nginx-ingress

Created on 13 Feb 2019  路  5Comments  路  Source: helm/charts

Is this a request for help?:

Yes

Version of Helm and Kubernetes:

EKS

Which chart:

stable/keycloak

What happened:
Invalid parameter: redirect_uri

How to reproduce it (as minimally and precisely as possible):

Base install of stable/keycloak with the follwing values.yaml 

extraEnv: |
    - name: PROXY_ADDRESS_FORWARDING
      value: "true"

Base install of stable/nginx-ingress with the following values.yaml

controller:
  config:
    proxy-protocol: "true"
    real-ip-header: "proxy_protocol"
    set-real-ip-from: "0.0.0.0/0"

  service:
    targetPorts:
      http: http
      https: http
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:xxxx"
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
      service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'

web-ingress looks like this:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: web-ingress
  annotations :
    kubernetes.io/tls-acme: "true"
    kubernetes.io/ingress.class: "nginx"
    ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  rules:
  - host: auth.mydomain.com
    http:
      paths:
      - backend:
          serviceName: keycloak-http
          servicePort: 80

So when i try going to https://auth.mydomain.com and click on admin console i get: Invalid parameter: redirect_uri

lifecyclstale
Source
picture miguel-veliz
👍3

Most helpful comment

For future researchers you need to add the following environment variables to your keycloak pod:

- name: PROXY_ADDRESS_FORWARDING
  value: "true"

This is documented on the keycloak container image page in the Enable proxy address forwarding section.

picture nccurry on 2 Apr 2019
👍13 🚀6 👎1

All 5 comments

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.

stale[bot] picture stale[bot] on 15 Mar 2019

This issue is being automatically closed due to inactivity.

stale[bot] picture stale[bot] on 29 Mar 2019

For future researchers you need to add the following environment variables to your keycloak pod:

- name: PROXY_ADDRESS_FORWARDING
  value: "true"

This is documented on the keycloak container image page in the Enable proxy address forwarding section.

nccurry picture nccurry on 2 Apr 2019
👍13 🚀6 👎1

I'm running keycloak on eks with the nginx-ingress-controller and I get the same error with a clean install after setting

- name: PROXY_ADDRESS_FORWARDING
  value: "true"
wstewartii picture wstewartii on 23 May 2019
👍9

Check the logs and make sure the remote app is not setting a bad redirect_uri such as https://myapp:0/path note the :0
You may need to set confidential-port: 443 in your apps keycloak config

timothyclarke picture timothyclarke on 17 Jan 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

paskal picture paskal  路  3Comments
kminehart picture kminehart  路  3Comments
out-of-band picture out-of-band  路  3Comments
harshmehta93 picture harshmehta93  路  3Comments
rajkumar49 picture rajkumar49  路  3Comments