Fix keycloak weird logins

src/main/cljc/dda/c4k_keycloak/keycloak.cljc

@@ -62,7 +62,7 @@
     (->
      (yaml/load-as-edn "keycloak/configmap.yaml")
      (cm/replace-all-matching "NAMESPACE" namespace)
-     (cm/replace-all-matching "FQDN" (str "https://" fqdn)))))
+     (cm/replace-all-matching "FQDN" fqdn))))
 
 (defn-spec generate-service cp/map-or-seq?
   [config config?]

src/main/resources/keycloak/configmap.yaml

@@ -8,9 +8,11 @@ metadata:
 data:
   KC_HTTPS_CERTIFICATE_FILE: /etc/certs/tls.crt
   KC_HTTPS_CERTIFICATE_KEY_FILE: /etc/certs/tls.key
-  # This is the hostname under which the keycloak is accessible on the internet
+  # We trust our traefik to properly set headers
-  # This hostname actually needs to an url specifying a scheme from which a port is derived
+  # see: https://www.keycloak.org/server/reverseproxy & https://www.keycloak.org/server/hostname
+  # and: https://doc.traefik.io/traefik/getting-started/faq/#what-are-the-forwarded-headers-when-proxying-http-requests
   KC_HOSTNAME: FQDN
+  KC_PROXY_HEADERS: xforwarded
   KC_DB: postgres
   KC_DB_URL_HOST: postgresql-service
   KC_DB_URL_PORT: "5432"

src/test/cljc/dda/c4k_keycloak/keycloak_test.cljc

@@ -29,7 +29,8 @@
           :data
           {:KC_HTTPS_CERTIFICATE_FILE "/etc/certs/tls.crt",
            :KC_HTTPS_CERTIFICATE_KEY_FILE "/etc/certs/tls.key",
-           :KC_HOSTNAME "https://test.de" ,
+           :KC_HOSTNAME "test.de" ,
+           :KC_PROXY_HEADERS "xforwarded" ,
            :KC_DB "postgres",
            :KC_DB_URL_HOST "postgresql-service",
            :KC_DB_URL_PORT "5432",