Keycloak Configuration
Updating Keycloak Client Configuration
After running the docker compose up command to start your application, it is essential to update the Keycloak client configuration based on the hostname (IP address or DNS) of your deployment. This ensures proper authentication and communication between your application and Keycloak.
Accessing the Keycloak Admin Console
To update the client configuration, follow these steps:
- Open the Keycloak Admin Console:
  - Navigate to the Keycloak Admin Console in your browser:
    http://$hostname/auth/
    or, if HTTPS is enabled:
    https://$hostname/auth/
  - Replace $hostname with the IP address or DNS name of your deployment.
- Log in with Default Credentials:
  - Use the following default credentials to log in:
    - Username: admin-demo
    - Password: admin-demo
  - After logging in, you will be directed to the Keycloak Admin Console dashboard.
Updating the Keycloak Client Configuration
Once logged in, follow these steps to update the client configuration:
- Switch to the Correct Realm:
  - In the left sidebar, click on the dropdown menu at the top to select the apifort realm.
  - Ensure you are working within the correct realm where your application is configured.
- Navigate to Clients:
  - In the left-hand menu, click on Clients.
  - This will display a list of all clients configured for the selected realm.
- Select the apifort-client:
  - Locate the client named apifort-client in the list.
  - Click on the client name to open its settings.
- Update the Root URL:
  - In the Settings tab, find the field labeled Root URL.
  - Update it to match the base URL of your application in the browser. For example:
    http://<browserurl>
    or, if HTTPS is enabled:
    https://<browserurl>
  - Replace <browserurl> with the hostname (IP or DNS) where your application is accessible.
- Update the Valid Redirect URIs:
  - In the Settings tab, locate the Valid Redirect URIs field.
  - Update it to include the following pattern:
    http://<browserurl>/*
    or, if HTTPS is enabled:
    https://<browserurl>/*
  - This ensures that all possible redirect URIs under the specified hostname are valid.
- Save Changes:
  - Scroll down and click the Save button to apply your changes.
Verifying the Configuration
- Test Authentication:
  - Access your application in the browser and attempt to log in using the Keycloak authentication flow.
  - Verify that the login page redirects correctly and that no errors occur.
- Check Keycloak Logs:
  - If authentication fails, review the Keycloak server logs for error messages related to the client configuration.
Troubleshooting Common Issues
- Invalid Redirect URI Error:
  - This error occurs if the redirect URI used by your application does not match the patterns specified in the Valid Redirect URIs field.
  - Double-check the hostname and ensure that the URI ends with /* to allow all subpaths.
- CORS Errors:
  - If you encounter CORS (Cross-Origin Resource Sharing) errors in your browser's developer console, ensure that the Web Origins field in the client settings includes the application hostname. For example:
    http://<browserurl>
    or
    https://<browserurl>
- DNS or IP Mismatch:
  - If your application is accessible via multiple hostnames (e.g., IP and DNS), ensure that all variations are included in the Valid Redirect URIs field.
- SSL/TLS Issues:
  - If using HTTPS, verify that your SSL/TLS certificates are properly configured and valid.
Example Configuration
Assume your application is accessible at http://apifort.example.com. The updated client configuration would look like this:
- Root URL: http://apifort.example.com
- Valid Redirect URIs: http://apifort.example.com/*
If HTTPS is enabled, the configuration would be:
- Root URL: https://apifort.example.com
- Valid Redirect URIs: https://apifort.example.com/*
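The Invalid Redirect URI, CORS and DNS or IP mismatch checks from the troubleshooting list can be run offline against the client's settings before testing in the browser. The script below is an added example, not part of the original page or of the project's code: it uses the redirectUris and webOrigins fields of a Keycloak client export, a simplified matching model (exact match, or prefix match for a trailing *), a constructed sample client, and hypothetical /callback paths.

```python
from urllib.parse import urlsplit

# Constructed sample: the fields of a Keycloak client export that this page edits.
SAMPLE_CLIENT = {
    "clientId": "apifort-client",
    "rootUrl": "http://apifort.example.com",
    "redirectUris": ["http://apifort.example.com/*"],
    "webOrigins": ["http://apifort.example.com"],
}

def origin(url):
    """Return scheme://host[:port] of a URL, lower-cased."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()

def redirect_allowed(uri, patterns):
    """Simplified matching: exact match, or prefix match for a trailing '*'."""
    for pattern in patterns:
        if pattern.endswith("*") and uri.startswith(pattern[:-1]):
            return True
        if uri == pattern:
            return True
    return False

def check_client(client, app_redirect_uris):
    """Return findings for each redirect URI the application actually sends."""
    redirects = client.get("redirectUris", [])
    web_origins = client.get("webOrigins", [])
    # Explicit origins; "+" additionally allows the origins of all redirect URIs.
    allowed = {origin(o) for o in web_origins if o not in ("+", "*")}
    if "+" in web_origins:
        allowed |= {origin(r) for r in redirects}
    findings = []
    for uri in app_redirect_uris:
        if not redirect_allowed(uri, redirects):
            findings.append(f"{uri}: not covered by Valid Redirect URIs")
        if "*" not in web_origins and origin(uri) not in allowed:
            findings.append(f"{origin(uri)}: missing from Web Origins")
    return findings

if __name__ == "__main__":
    # Hypothetical callback paths: DNS name, HTTPS variant, IP variant (203.0.113.10).
    for uri in ("http://apifort.example.com/callback",
                "https://apifort.example.com/callback",
                "http://203.0.113.10/callback"):
        print(uri, "->", check_client(SAMPLE_CLIENT, [uri]) or "ok")
```

An empty result means the URI is covered by both fields; the HTTPS and IP variants each produce two findings against the sample client because neither the scheme nor the alternate hostname was added.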