keycloak: SSL Mode not working?

Area

operator

Describe the bug

When setting the realm's SSL mode to “External Requests”, according to the documentation I should be able to use OpenID Connect from within the local cluster network 10.x.x.x. However, I get the following error message:

oidc: issuer did not match the issuer returned by provider, expected "http://keycloak-service:8080/realms/myrealm" got "https://keycloak-service:8080/realms/myrealm"

Version

quay.io/keycloak/keycloak:20.0.2

Expected behavior

I can use OpenID Connect

Actual behavior

I get the following error:

oidc: issuer did not match the issuer returned by provider, expected "http://keycloak-service:8080/realms/myrealm" got "https://keycloak-service:8080/realms/myrealm"

How to Reproduce?

Keycloak deployment (using operator):

apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
  name: keycloak
spec:
  instances: 2
  db:
    vendor: postgres
    host: pg-auth-rw
    database: keycloak
    usernameSecret:
      name: pg-auth-superuser
      key: username
    passwordSecret:
      name: pg-auth-superuser
      key: password
  http:
    httpEnabled: true
  hostname:
    strict: false
  ingress:
    enabled: false
  unsupported:
    podTemplate:
      metadata:
        annotations:
          linkerd.io/inject: enabled
        labels:
          my-label: "keycloak"

Go application:

package main

import (
	"context"
	"log"

	"github.com/coreos/go-oidc"
)

func main() {
	ctx := context.Background()

	// Issuer as reachable from inside the cluster network (plain HTTP).
	issuerURL := "http://keycloak-service:8080/realms/myrealm"

	// NewProvider fetches <issuerURL>/.well-known/openid-configuration and
	// fails if the "issuer" field of that document differs from issuerURL.
	provider, err := oidc.NewProvider(ctx, issuerURL)
	if err != nil {
		log.Fatalf("Failed to get provider: %v", err)
	}

	log.Printf("provider endpoints: %+v", provider.Endpoint())
}

Anything else?

https://github.com/coreos/go-oidc/issues/386
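To make the failing check concrete, here is an added Go example (not from the report, from go-oidc or from Keycloak) that implements the same discovery-issuer comparison against an in-memory stand-in for the realm; `CheckIssuer`, `fakeKeycloak` and the discovery documents are constructed for this illustration. The `https` case reproduces the report's mismatch: the realm is reached over plain HTTP but advertises an `https` issuer.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
)

type discoveryDoc struct {
	Issuer string `json:"issuer"` // the only Provider Metadata field this check needs
}

// CheckIssuer fetches <issuerURL>/.well-known/openid-configuration and applies the
// Discovery rule that the advertised "issuer" must equal the configured URL.
func CheckIssuer(client *http.Client, issuerURL string) error {
	resp, err := client.Get(issuerURL + "/.well-known/openid-configuration")
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	var doc discoveryDoc
	if err := json.NewDecoder(resp.Body).Decode(&doc); err != nil {
		return err
	}
	if doc.Issuer != issuerURL {
		return fmt.Errorf("oidc: issuer did not match the issuer returned by provider, expected %q got %q", issuerURL, doc.Issuer)
	}
	return nil
}

// roundTripFunc lets a plain function serve as an http.RoundTripper (no network).
type roundTripFunc func(*http.Request) (*http.Response, error)
func (f roundTripFunc) RoundTrip(r *http.Request) (*http.Response, error) { return f(r) }

// fakeKeycloak is a constructed stand-in for a realm reached over plain HTTP
// that advertises its issuer with advertisedScheme, as in the report.
func fakeKeycloak(advertisedScheme string) *http.Client {
	return &http.Client{Transport: roundTripFunc(func(r *http.Request) (*http.Response, error) {
		body, _ := json.Marshal(discoveryDoc{Issuer: advertisedScheme + "://" + r.URL.Host + "/realms/myrealm"})
		return &http.Response{StatusCode: http.StatusOK, Header: http.Header{}, Body: io.NopCloser(bytes.NewReader(body)), Request: r}, nil
	})}
}

func main() {
	for _, scheme := range []string{"http", "https"} {
		err := CheckIssuer(fakeKeycloak(scheme), "http://keycloak-service:8080/realms/myrealm")
		fmt.Printf("realm advertises %s issuer: %v\n", scheme, err) // http: <nil>, https: mismatch error
	}
}
```

The comparison is required by OpenID Connect Discovery so that a client only trusts metadata (and later, tokens) from the exact issuer it was configured with; the report's error is that rule doing its job when the realm's advertised issuer and the in-cluster URL disagree on the scheme.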

About this issue

  • State: closed
  • Created 10 months ago
  • Comments: 26 (15 by maintainers)

Most upvoted comments

But I’m not sure if the additional options field is working.

Seems not for some reason…

@vmuzikar If we could re-use the validation from Picocli, that would be great.

For instance, convert any env var prefixed with KC_ to its corresponding CLI format and then run validations. The main issue I see is the impact on re-aug and startup times. Mainly the latter.

I’m also not sure how to deal with the output from Picocli to better show messages when using env vars.

Perhaps we should favor usability here, even if it adds a bit more time.