/DatabaseStatus wrong redirect_uri when using Keycloak?

[StefanSchuhart]

Hi,

using Keycloak as auth-provider, it seems that the redirect_uri parameter for the redirection from Keycloak-Login page back to https://{myDomain}/DatabaseStatus is incorrect.

When clicking on DatabaseStatus the Login-URL (auth/realms/frostrealm/protocol/openid-connect/auth?response_type=code&client_id={myClientID}&redirect_uri=http%3A%2F%2F{myDomain}%2FFROST-Server%2FDatabaseStatus&state=123&login=true&scope=openid) contains a parameter redirect_uri with value {myDomain}%2FFROST-Server%2FDatabaseStatus.

This leads to a 404-Message: The requested resource [/FROST-Server/FROST-Server/DatabaseStatus] is not available

Changing redirect_uri to http%3A%2F%2F{myDomain}%2FDatabaseStatus leads to 403 Forbidden.

I think the redirect_uri interferes with our rewrite from / to /FROST-Server in our Ingress. Could it be, that the "redirect-rewrite-rules"-Parameter has to be adjusted accordingly (see https://www.keycloak.org/docs/latest/securing_apps/#_java_adapter_config)?

[hylkevds]

You could try doing the auth procedure with the browser-debugger open, so you can see what keycloak actually redirects to. Then you can see if the problem is in keycloak, or in the ingress configuration.