KeyCloak - Allow selection of Http/Https Schemes for the URL's this is for running KeyCloak on HTTPs #8064

Open
1 task done
robobrown opened this issue Mar 13, 2025 · 0 comments
Labels
area-app-model Issues pertaining to the APIs in Aspire.Hosting, e.g. DistributedApplication

Comments

@robobrown

Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

Please assist in updating the code in the method: public static IResourceBuilder<KeycloakResource> AddKeycloak(

We are required to run Keycloak on HTTPS endpoints, and the code is hardcoded to add HTTP endpoints.
If we do not change the scheme, health checks fail and then the code does not run correctly.

```csharp
public static IResourceBuilder<KeycloakResource> AddKeycloak(
    this IDistributedApplicationBuilder builder,
    string name,
    int? port = null,
    string scheme = "http",
    IResourceBuilder<ParameterResource>? adminUsername = null,
    IResourceBuilder<ParameterResource>? adminPassword = null)

// ... (remainder of the method elided in the original post)

    // Register HTTPS endpoints and an HTTPS health check when "https" is requested.
    if (scheme.Equals("https", StringComparison.OrdinalIgnoreCase))
    {
        keycloak
            .WithHttpsEndpoint(port: port, targetPort: DefaultContainerPortHttps)
            .WithHttpsEndpoint(targetPort: ManagementInterfaceContainerPort, name: ManagementEndpointName)
            .WithHttpsHealthCheck(endpointName: ManagementEndpointName, path: "/health/ready");
    }
    // Any other scheme value keeps the existing plain-HTTP endpoints.
    else
    {
        keycloak
            .WithHttpEndpoint(port: port, targetPort: DefaultContainerPort)
            .WithHttpEndpoint(targetPort: ManagementInterfaceContainerPort, name: ManagementEndpointName)
            .WithHttpHealthCheck(endpointName: ManagementEndpointName, path: "/health/ready");
    }
```

Expected Behavior

When adding Keycloak, the developer is able to select HTTP or HTTPS schemes.
I've attached the sample changes I made to the class, and have tested that it is working as expected.

NB.
I am using the RunWithHttpsDevCertificate for the Development Certs, and for Production I am using a custom wildcard signed certificate.

https://github.com/dotnet/aspire-samples/blob/b741f5e78a86539bc9ab12cd7f4a5afea7aa54c4/samples/Keycloak/Keycloak.AppHost/KeycloakExtensions.cs

KeycloakResourceBuilderExtensions.txt

Steps To Reproduce

No response

Exceptions (if any)

ACI is giving some challenges with running Keycloak on HTTPS with custom certificates; it seems like the Controller cannot connect to the Application Ports on port 8443, and it gives the generic upstream error message. To work around this for now, we are running the deployed environment on HTTP and use ACI to convert it to HTTPS. We set the KC_HOSTNAME parameter to the full URL https://your.domain.name/admin, and all works well.

Our other apps using the back channel are using HTTPS, going out of the container environment and then back in via the HTTPS port, until we can resolve running Keycloak on ACI with HTTPS configuration.

.NET Version info

No response

Anything else?

No response

@github-actions github-actions bot added the area-app-model Issues pertaining to the APIs in Aspire.Hosting, e.g. DistributedApplication label Mar 13, 2025
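
A check for the workaround described in the issue (Keycloak on HTTP behind an ingress that terminates TLS), added here as an example and not code from the issue, Aspire or Keycloak: it audits a realm's OIDC discovery document for URLs that are not on the public HTTPS origin. The realm name `demo`, the internal host `keycloak:8080` and both sample documents are constructed; only the origin of `https://your.domain.name` is compared, not the path.

```python
import json
from urllib.parse import urlsplit

# Discovery-document fields that OIDC clients and back-channel callers follow.
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint",
              "jwks_uri", "userinfo_endpoint", "end_session_endpoint")


def audit_discovery(doc, public_base):
    """Return one finding per URL that is not on the public HTTPS origin."""
    expected = urlsplit(public_base)
    if expected.scheme != "https" or not expected.hostname:
        raise ValueError("public_base must be an https:// URL")
    findings = []
    for field in URL_FIELDS:
        value = doc.get(field)
        if not value:
            findings.append(f"{field}: missing")
            continue
        url = urlsplit(value)
        if url.scheme != "https":
            findings.append(f"{field}: scheme {url.scheme!r}, expected 'https'")
        elif (url.hostname, url.port or 443) != (expected.hostname, expected.port or 443):
            findings.append(f"{field}: origin {url.netloc!r} is not the public origin")
    return findings


def sample_doc(base):
    # Constructed sample shaped like /realms/demo/.well-known/openid-configuration
    # (the realm name "demo" is an assumption).
    oidc = f"{base}/realms/demo/protocol/openid-connect"
    return {"issuer": f"{base}/realms/demo",
            "authorization_endpoint": f"{oidc}/auth",
            "token_endpoint": f"{oidc}/token",
            "jwks_uri": f"{oidc}/certs",
            "userinfo_endpoint": f"{oidc}/userinfo",
            "end_session_endpoint": f"{oidc}/logout"}


GOOD = sample_doc("https://your.domain.name")
# Constructed failure: front-channel URLs are public, but two back-channel
# URLs expose the container's plain-HTTP listener (host name is hypothetical).
BAD = {**GOOD,
       "token_endpoint": "http://keycloak:8080/realms/demo/protocol/openid-connect/token",
       "jwks_uri": "http://keycloak:8080/realms/demo/protocol/openid-connect/certs"}

if __name__ == "__main__":
    print(json.dumps(audit_discovery(BAD, "https://your.domain.name"), indent=2))
```

An empty result means every advertised endpoint stays on the HTTPS origin that the ingress serves; any finding names the field a client would follow over plain HTTP or to a different host.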