The keycloak admin console somehow checks the hostname that is requested and the redirect URLs case-sensitively. Since the browser doesn't and always sends the lowercase version of the requested host, the Keycloak admin console doesn't load anymore if keycloak is started with a hostname that has uppercase letters. We use ucs-sso-ng.$(ucr get domainname) as a default for keycloak/server/sso/fqdn. We should convert that default to lowercase to catch most cases. We should put a sentence in the documentation, that there are problems with uppercase letters in case someone adjusts the setting. We need to change the UMC ipchange module as well, which checks if the sso_fqdn matches the zone case sensitively.
Keycloak repository: 4c51543 Issue #214: Lowercase domainname and keycloak/server/sso/fqdn per default The keycloak/server/sso/fqdn setting has now an all lowercase default. If it is manually set to a mixed case value, it is converted to lowercase in the compose file from the appcenter. We also adjusted the UMC module "ipchange" to check the zone name case insensitively. UCS repo: c09fbca2e9 Bug #57290: Compare zone case insensitively Cherry-picked and build in 5.0-7, 5.1 and 5.2
701cb0ae5a | remove yaml from 5.1-0 Verified: * MRs for https://git.knut.univention.de/univention/components/keycloak-app/-/issues/214 merged * Patch for univention-management-console-module-ipchange present in 5.1 and 5.2 * New version of univention-management-console-module-ipchange built in 5.1 and 5.2 * UCS 5.2 Keycloak test case fixed: https://jenkins2022.knut.univention.de/job/UCS-5.2/job/UCS-5.2-0/job/AutotestJoin/SambaVersion=s4,Systemrolle=master/lastCompletedBuild/testReport/81_keycloak/01_test_keycloak_login/test_login_administrator_chromium_/ * Functional test * Advisory
Also: * No regression for the other tests: https://jenkins2022.knut.univention.de/job/UCS-5.2/job/UCS-5.2-0/job/AutotestJoin/
<https://errata.software-univention.de/#/?erratum=5.0x1058>