Red Hat build of Keycloak / RHBK-2963

Frontend endpoint redirects to admin endpoint [GHI#38463]


      Before reporting an issue

      [x] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

      Area

      core

      Describe the bug

      The /admin endpoint redirects to the Admin Console for convenience. However, this might disclose the admin hostname when hostname-admin is configured.

      Version

      main

      Regression

      [ ] The issue is a regression

      Expected behavior

      Redirect to Admin Console is performed only when /admin is accessed via the Admin Hostname (which falls back to frontend when hostname-admin is not configured).

      Actual behavior

      Redirect always happens.

      How to Reproduce?

      Start Keycloak as:

      kc.sh start --http-enabled=true --hostname http://127.0.0.1.nip.io:8080/ --hostname-admin http://admin.127.0.0.1.nip.io:8080/
      

      Run:

      curl http://127.0.0.1.nip.io:8080/admin -v
      

      Observe:

      Location: http://admin.127.0.0.1.nip.io:8080/admin/master/console/
      

      Anything else?

      No response

              Unassigned Unassigned
              pvlha Pavel Vlha
              Keycloak Core (shared)
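A regression check for the behaviour described in this report, as an added example that is not part of the original issue or of Keycloak: it reads HTTP response headers and flags a redirect whose Location names a host other than the one the request was sent to. The function names and the sample status lines are assumptions; the Location value is the one quoted in the report.

```bash
#!/bin/sh
# Added example, not Keycloak code. Function names and sample headers are constructed.

# Read raw HTTP response headers on stdin and print the authority
# (host[:port], lowercased) of an absolute Location header.
# Prints nothing when Location is absent or relative.
location_authority() {
  tr -d '\r' | awk '
    tolower($0) ~ /^location:/ {
      sub("^[^:]*:[ \t]*", "")                    # drop the header name
      if ($0 ~ "^[a-zA-Z][a-zA-Z0-9+.-]*://") {
        sub("^[a-zA-Z][a-zA-Z0-9+.-]*://", "")    # drop the scheme
        sub("[/?#].*$", "")                       # drop path, query, fragment
        sub("^[^@]*@", "")                        # drop userinfo, if present
        print tolower($0)
      }
      exit
    }'
}

# Exit status 0 when the response on stdin redirects to a host other than
# the one requested ($1 = host[:port] the request was sent to), i.e. the
# redirect discloses another hostname. Status 1 otherwise.
redirect_discloses_other_host() {
  rd_requested=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  rd_redirected=$(location_authority)
  [ -n "$rd_redirected" ] && [ "$rd_redirected" != "$rd_requested" ]
}

# Constructed response for a request to the frontend hostname. The status
# line is assumed; the Location value is the one shown in the report.
LEAKY_HEADERS='HTTP/1.1 302 Found
Location: http://admin.127.0.0.1.nip.io:8080/admin/master/console/
Content-Length: 0'

# Constructed response with no redirect at all (status line assumed).
NO_REDIRECT_HEADERS='HTTP/1.1 404 Not Found
Content-Length: 0'

# Against a running instance started as in the report:
#   curl -s -o /dev/null -D - http://127.0.0.1.nip.io:8080/admin \
#     | redirect_discloses_other_host 127.0.0.1.nip.io:8080 \
#     && echo "FAIL: /admin on the frontend host reveals another hostname"
```

The same redirect requested through the admin hostname passes the check, which matches the expected behaviour stated in the report.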