
Keycloak Kubernetes 401 Unauthorized

I have a Keycloak server and a Spring Boot app running on a Kubernetes cluster, and I'm facing 2 scenarios: the first one is working, and in the other one I'm getting 401 Unauthorized.

First scenario:

  • Enter a test container inside my k8s cluster with the kubectl exec command and ask for a token with a curl POST request to: http://keycloak-service-name:8080/auth/realms/lisa/protocol/openid-connect/token
  • I get a token
  • I send a request from Postman using that token to the secured endpoint of my app and it's working, access is granted

Second scenario:

  • Ask for a token by sending a POST request from Postman to: http://keycloak-external-ip:port/auth/realms/lisa/protocol/openid-connect/token with the necessary parameters
  • I receive an access token
  • I send a request from Postman to the secured endpoint of my app using that token and I get 401 Unauthorized

Keycloak is exposed using a NodePort service.

The app is exposed using the Istio ingress gateway.

Keycloak server version: 9.0.0

Keycloak version in the Spring Boot app: 10.0.2

Kamèl Romdhani asked Sep 01 '25 05:09


1 Answer

Fixed this by changing the keycloak.auth-server-url value in the application.properties file. The Keycloak deployment has 2 services: one of type ClusterIP, the second of type NodePort.

before

keycloak.auth-server-url=http://keycloak-clusterIP-service-name:8080/auth

after

keycloak.auth-server-url=http://node-ip-adress:nodePort/auth

Kamèl Romdhani answered Sep 02 '25 20:09
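
An added diagnostic, not part of the original answer: Keycloak writes the iss claim from the URL the token was requested through, and the Spring Boot adapter accepts a token only when iss equals the realm URL built from keycloak.auth-server-url, so a token obtained through one Keycloak address is rejected by an app configured with the other. The sketch below decodes a token's payload without verifying its signature (diagnosis only) and compares the two values; the sample tokens, port 30080 and the sample-client name are constructed.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_issuer(jwt: str) -> str:
    """Return the iss claim of a JWT WITHOUT verifying the signature."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    payload = json.loads(b64url_decode(parts[1]))
    return payload.get("iss", "")


def expected_issuer(auth_server_url: str, realm: str) -> str:
    # Realm URL derived from keycloak.auth-server-url and the realm name.
    return auth_server_url.rstrip("/") + "/realms/" + realm


def diagnose(jwt: str, auth_server_url: str, realm: str) -> tuple:
    """Return (ok, message) telling whether the token's issuer fits the app config."""
    iss, want = token_issuer(jwt), expected_issuer(auth_server_url, realm)
    if iss == want:
        return True, f"issuer matches: {iss}"
    return False, f"issuer mismatch: token iss={iss!r}, app expects {want!r}"


def make_sample_token(iss: str) -> str:
    # Constructed, unsigned sample token; a real one carries a valid signature.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc({'iss': iss, 'azp': 'sample-client'})}.sig"


INTERNAL = "http://keycloak-service-name:8080/auth"  # host name from the question
EXTERNAL = "http://keycloak-external-ip:30080/auth"  # port 30080 is a constructed value

if __name__ == "__main__":
    # App configured with the in-cluster URL, as in the "before" setting.
    for label, base in (("in-cluster token", INTERNAL), ("NodePort token", EXTERNAL)):
        token = make_sample_token(expected_issuer(base, "lisa"))
        print(label, "->", diagnose(token, INTERNAL, "lisa"))
```

Running diagnose() on a real access token against the configured keycloak.auth-server-url shows which address the token was issued for; the check is only a comparison of strings and is no substitute for the adapter's signature validation.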