Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

change: set keycloak frontend url in api for well-known discovery #3801

Merged
merged 3 commits into from
Sep 10, 2024
Merged

change: set keycloak frontend url in api for well-known discovery #3801

merged 3 commits into from
Sep 10, 2024

Conversation

shreddedbacon
Copy link
Member

@shreddedbacon shreddedbacon commented Sep 4, 2024
edited
Loading

General Checklist

  • Affected Issues have been mentioned in the Closing issues section
  • Documentation has been written/updated
  • PR title is ready for inclusion in changelog

Database Migrations

  • If your PR contains a database migation, it MUST be the latest in date order alphabetically

This change requires these changes in the charts.

The main things changing are to allow internal comms for the API to Keycloak, while still presenting the keycloak frontend url for the well-known discovery endpoint.

This still populates the forgot password reset emails with the publicly accessible Keycloak URL so that users will be able to perform password resets. This can be confirmed in both the make up and make k3d/local-stack and visiting either the mailhog/mailpit that is started and doing a password reset. In make k3d/local-stack a user is invited as part of the seeding steps, and checking in the mailpit that starts as part of that stack you'll see the reset email with the "public" URL for Keycloak.

In make k3d/local-stack there is the ability to access keycloak via https, but it will fail to load the resources because the frontend url for keycloak is set to the http endpoint in the Makefile. In production, this would be set to the https endpoint under a keycloakFrontEndURL value in the core values (but defaults to the ingress with https if not provided). This is unchanged behaviour, just calling this out here though.

@shreddedbacon shreddedbacon changed the title change: remove keycloak admin url variable to allow internal communic… change: remove keycloak admin url variable to allow internal comms Sep 4, 2024
@shreddedbacon shreddedbacon changed the title change: remove keycloak admin url variable to allow internal comms change: set keycloak frontend url in api for wellknown path Sep 4, 2024
@shreddedbacon shreddedbacon changed the title change: set keycloak frontend url in api for wellknown path change: set keycloak frontend url in api for well-known discovery Sep 4, 2024
@shreddedbacon shreddedbacon added this to the 2.21.0 milestone Sep 8, 2024
@shreddedbacon shreddedbacon marked this pull request as ready for review September 9, 2024 05:01
tobybellwood
tobybellwood approved these changes Sep 10, 2024
View reviewed changes
Copy link
Member

@tobybellwood tobybellwood left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested working ok

@tobybellwood tobybellwood merged commit 8ebce41 into main Sep 10, 2024
1 check passed
@tobybellwood tobybellwood deleted the keycloak-admin-url branch September 10, 2024 06:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tobybellwood tobybellwood tobybellwood approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.21.0
Development

Successfully merging this pull request may close these issues.
2 participants
@shreddedbacon @tobybellwood