Description
Before reporting an issue
- I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
account/ui
Describe the bug
When using Hostname V2 and when hostname contains a path different from that of the hostname-admin (i.e., hostname=https://example.com/auth/ and hostname-admin=https://admin.example.com/admin/) the account UI (located at https://example.com/auth/realms/myrealm/account) tries to load resources from https://example.com/admin/resources/ instead of https://example.com/auth/resources/.
Version
25.0.0
Regression
- The issue is a regression
Expected behavior
Account console resources should be loaded from ${frontend hostname}/${frontend path}/resources
Actual behavior
Resources are loaded from ${frontend hostname}/${admin path}/resources
How to Reproduce?
Set up Keycloak with hostname containing a path that differs from hostname-admin (i.e., hostname=https://example.com/auth/, hostname-admin=https://admin.example.com). Then, try to access the account console while watching requests.
Anything else?
I'm running my Keycloak instance behind an nginx reverse proxy like so:
server {
    listen 80;
    listen 443 ssl;
    server_name example.com;
    location /auth/ {
        proxy_pass http://10.10.10.2:8080/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
server {
    listen 80;
    listen 443 ssl;
    location / {
        proxy_pass http://10.10.10.2:8080/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
/auth/realms/myrealm/login uses the correct path:
{
    "imports": {
        "rfc4648": "/auth/resources/bpv49/common/keycloak/node_modules/rfc4648/lib/rfc4648.js"
    }
}
This can be mitigated in the meantime by adding a proxy_pass directive for /resources on example.com, though this is less than ideal:
location /resources/ {
    proxy_pass http://10.10.10.2:8080/resources/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-Proto $scheme;
}
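
Added example, not part of the original report and not Keycloak code: a Python check that scans a saved page for static resource URLs that fall outside the configured `hostname` path, which is the symptom described above. The account-page HTML and the `example.css` / `example.js` file names are constructed for illustration; only the rfc4648 import map is taken from the report.

```python
import json
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class ResourceCollector(HTMLParser):
    """Collect src/href attribute values and import-map targets from a page."""
    def __init__(self):
        super().__init__()
        self.urls, self._buf, self._in_map = [], [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("type") == "importmap":
            self._in_map, self._buf = True, []
        self.urls += [a[k] for k in ("src", "href") if a.get(k)]

    def handle_data(self, data):
        if self._in_map:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_map:
            self._in_map = False
            self.urls += json.loads("".join(self._buf)).get("imports", {}).values()

def misrouted_resources(page_url, frontend_url, html):
    """Return resource URLs that do not live under <frontend_url>/resources/."""
    front = urlsplit(frontend_url)
    prefix = front.path.rstrip("/") + "/resources/"
    collector = ResourceCollector()
    collector.feed(html)
    collector.close()
    bad = []
    for raw in collector.urls:
        u = urlsplit(urljoin(page_url, raw))  # resolve relative and root-relative URLs
        if "/resources/" not in u.path:
            continue  # not a static resource URL
        if (u.scheme, u.netloc) != (front.scheme, front.netloc) or not u.path.startswith(prefix):
            bad.append(u.geturl())
    return bad

FRONTEND = "https://example.com/auth/"  # hostname value from the report
# Import map quoted in the report for the login page.
LOGIN_HTML = """<script type="importmap">{"imports": {"rfc4648":
 "/auth/resources/bpv49/common/keycloak/node_modules/rfc4648/lib/rfc4648.js"}}</script>"""
# Constructed sample of the faulty account page; file names are made up.
ACCOUNT_HTML = """<link rel="stylesheet" href="/admin/resources/bpv49/account/example.css">
<script type="importmap">{"imports": {"example": "/admin/resources/bpv49/account/example.js"}}</script>"""

if __name__ == "__main__":
    print(misrouted_resources(FRONTEND + "realms/myrealm/account", FRONTEND, ACCOUNT_HTML))
```

Run against the real account console HTML, an empty result means every resource URL resolves under the frontend path, so the extra `/resources/` location is no longer needed.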