
Keycloak Admin Console Login - Infinite Loop


I have almost successfully deployed Keycloak 18.0.2 into a container running in an Azure Web App.

Slight problem however is that I can't log in. The admin console login allows me to enter the username and password (and doesn't error at all).

It then redirects to https://my-url.com/admin/master/console#state=<some value>

It then redirects to https://my-url.com/admin/master/console

It then redirects back to the login screen.

There are no errors that I can see - with the only information coming from a load of warnings to do with cookies that have already expired:

[Screenshot of the cookie warnings]

My Dockerfile is here and there aren't any other pertinent settings anywhere (e.g. nothing set in the App Service's configuration pane):

FROM quay.io/keycloak/keycloak:18.0.2 as builder

ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
ENV KC_DB=mssql
ENV KC_FEATURES=token-exchange

RUN /opt/keycloak/bin/kc.sh build

FROM quay.io/keycloak/keycloak:18.0.2
COPY --from=builder /opt/keycloak/ /opt/keycloak/
WORKDIR /opt/keycloak

ENV KC_DB_URL=<redacted>
ENV KC_DB_USERNAME=<redacted>
ENV KC_DB_PASSWORD=<redacted>

ENV KEYCLOAK_ADMIN=<redacted>
ENV KEYCLOAK_ADMIN_PASSWORD=<redacted>

ENV KC_PROXY=edge
ENV KC_HOSTNAME_STRICT=false
ENV KC_HOSTNAME_STRICT_HTTPS=false

EXPOSE 8080

ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]

Edit: I've spent the day debugging this and I've come to the conclusion that something is causing the application to fail to start correctly, and as a result things are getting messed up somewhere.

Upon starting the container, the database (Azure SQL Server) is correctly set up with tables and initial data etc., but then Keycloak fails to start. Upon restarting the container I either get a Unique Key violation error or it works. On the odd occasion when the container does spin up, occasionally I get the behaviour described above, but looking in the logs it looks like the admin user has already been created.


Solution

  • Solved!

    The Dockerfile was missing ENV KC_TRANSACTION_XA_ENABLED=false in the build step.

    Somehow it had worked without this at some point and while trying to debug I got into a bit of a spiral of deploying broken things on top of more broken things.

    Clearing everything back, starting again and adding this environment variable has done the trick.
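
The Dockerfile from the question with the variable from the answer added to the build stage, as an added example that is not part of the original post. It assumes the database and admin credentials are supplied as environment variables when the container starts (for example through the hosting platform's application settings) instead of `ENV` lines, because `ENV` values are stored in the image metadata.

```dockerfile
# --- Build stage ---------------------------------------------------------
FROM quay.io/keycloak/keycloak:18.0.2 AS builder

ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
ENV KC_DB=mssql
ENV KC_FEATURES=token-exchange
# The fix from the answer: must be set here, before `kc.sh build` runs,
# so that it is part of the optimized build copied into the final image.
ENV KC_TRANSACTION_XA_ENABLED=false

RUN /opt/keycloak/bin/kc.sh build

# --- Runtime stage -------------------------------------------------------
FROM quay.io/keycloak/keycloak:18.0.2
COPY --from=builder /opt/keycloak/ /opt/keycloak/
WORKDIR /opt/keycloak

# Assumption (not in the original Dockerfile): the following are injected
# at container start rather than written into the image, where anyone who
# can pull the image could read them with `docker history` or `docker inspect`:
#   KC_DB_URL, KC_DB_USERNAME, KC_DB_PASSWORD,
#   KEYCLOAK_ADMIN, KEYCLOAK_ADMIN_PASSWORD

# Unchanged from the question: TLS terminates at the platform's front end.
ENV KC_PROXY=edge
ENV KC_HOSTNAME_STRICT=false
ENV KC_HOSTNAME_STRICT_HTTPS=false

EXPOSE 8080

ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]
```

As the question's edit describes, the first failed start had already written tables and initial data, so the answer's step of clearing everything back applies before redeploying this image.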