Red Hat Keycloak version 22 brings a lot of changes to this SSO application. A full guide for the migration process may be found on the following link. One of the biggest changes is that embedded databases are no longer supported, so an external database needs to be provided.
Installing Red Hat's Keycloak on OpenShift is pretty straightforward through the OperatorHub. However, during a recent installation I noticed some problems that needed extra configuration to fix.
HTTP Error 431: Request Header Fields Too Large
The SSO client may get a 431 error after login. This can be fixed by disabling HTTP/2 in the Keycloak CR, as follows:
apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
  name: rh-keycloak
spec:
  instances: 1
  # ...
  unsupported:
    podTemplate:
      spec:
        containers:
          - env:
              # Disable HTTP/2 on the embedded Quarkus HTTP server
              - name: QUARKUS_HTTP_HTTP2
                value: "false"
  # ...
Legacy applications getting 404 after login on the /auth path
The /auth path is no longer used by Keycloak, so if your legacy applications include it in the SSO URL, it should be removed. However, there may be cases where this path needs to be kept for compatibility. In that case, the following additional option does the trick and changes the default base path:
apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
  name: rh-keycloak
spec:
  additionalOptions:
    # Serve Keycloak under /auth, as legacy clients expect
    - name: http-relative-path
      value: /auth
  instances: 1
  # ...
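For applications where /auth is removed from the SSO URL instead of being kept, the following added example (not from the original post) strips only the leading base path and leaves the OpenID Connect authorization endpoint, which also ends in /auth, untouched. The function name, the list of Keycloak top-level paths and the hostnames are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Assumption: first path segments Keycloak serves directly under its base path.
KEYCLOAK_ROOTS = ("realms", "admin", "resources", "js")


def strip_legacy_auth(url, legacy_prefix="/auth"):
    """Return url without the legacy base path; non-legacy URLs are returned unchanged."""
    parts = urlsplit(url)
    path = parts.path
    if path in (legacy_prefix, legacy_prefix + "/"):
        new_path = "/"
    elif path.startswith(legacy_prefix + "/"):
        rest = path[len(legacy_prefix):]       # e.g. "/realms/demo/..."
        first_segment = rest.split("/")[1]
        if first_segment not in KEYCLOAK_ROOTS:
            return url                         # e.g. an application's own /auth/callback
        new_path = rest
    else:
        return url                             # already migrated, or unrelated path
    # Query string and fragment are preserved as they were.
    return urlunsplit(parts._replace(path=new_path))


if __name__ == "__main__":
    # Constructed sample URLs, as they might appear in a legacy client configuration.
    samples = [
        "https://sso.example.com/auth/realms/demo/protocol/openid-connect/auth?client_id=app",
        "https://sso.example.com/auth/realms/demo",
        "https://sso.example.com/realms/demo/protocol/openid-connect/auth",
        "https://app.example.com/auth/callback",
    ]
    for old in samples:
        new = strip_legacy_auth(old)
        status = "changed  " if new != old else "unchanged"
        print(f"{status} {old} -> {new}")
```

The realm URL is also the token issuer, so clients that validate the issuer need the same change when the base path is removed.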