5

Due to some organizational restrictions my DNS server does a basic auth credentials check before passing the request to the server. this is to avoid unwanted requests reaching the application server.

For public section of my application to load properly, I have added Auth-Headers to my request in application layer so that only first/new hit demands credentials

enter image description here

however I am not able to login and see the private section of website.

I have a keycloak running in a docker container and though it works fine when I am inside the organizational network, however from outside the network I get 401 (Unauthorized) on auth/admin/master/console/whoami request.

I can see that for this request substitutes the Authorization-headers with the token for keycloak authentication, as a result this request is blocked by the DNS and never reaches my server.

enter image description here

How can I fix this issue? How can I tell keycloak to send another authorization header along with its header in its requests. like here Multiple HTTP Authorization headers? (if that is indeed a solution?)

user4772933
  • 311
  • 3
  • 13
  • 1
    For us was to remove this header that we had in the config: `RequestHeader unset Authorization` – Edwin May 24 '22 at 07:58
  • Hi Edwin! @Edwin I have absolutely the same problem! Could you please elaborate a little bit more on your solution? In which config? – Roman Oct 18 '22 at 09:44
  • In the proxy config, we had that setting. After removing it, it work. Because keycloak needs to set Authorization. (So we had this setting, before starting with the KC) – Edwin Oct 20 '22 at 06:46
  • If you're using something like ModHeader in Chrome/Firefox, you can usually fix this by unchecking the Authorization key. – Harlin Feb 16 '23 at 13:13

1 Answers1

0

Just for those who has the same problem - try to configure KC_HOSTNAME_ADMIN_URL environment variable. For me it was cross-origin that is why whoami had failed. The list of keycloak env variables and options can be found here: https://www.keycloak.org/server/all-config I have set this var to:

KC_HOSTNAME_ADMIN_URL="https://{{ .Values.kc.hostname }}/{{ .Values.basepath }}/admin"
tur1ng
  • 1,082
  • 1
  • 10
  • 24
Roman
  • 73
  • 8