Hello,
we’ve got a bare metal keycloak install in version 26.4.5. If I start a keycloak container with the same version everything works as expected, but all users are disabled. What could be causing this?
Thank you for your help
Keycloak makes no difference on how/where it is being executed and there is also no setting like “disable all users”. So, it’s most probably part of your configuration and/or (network) environment. But without knowing anything about that, you can’t get help.
When you say “all users are disabled” - what kind of users are those? Users stored directly (natively) in Keycloak’s database? Users coming from a federation, like LDAP? Questions over questions. We can only help if you tell us more about your environment.
Thanks for taking the time to help.
Only our LDAP users are being marked as disabled. The Keycloak Docker instance runs behind a bare-metal Apache2 reverse proxy.
If I bypass Apache2 and use the Docker Keycloak directly, the users are are not disabled.
Additionally, if I revert to the bare-metal Keycloak installation, the users are not disabled.
My Docker configuration uses KC_PROXY=edge and KC_HTTP_ENABLED=true, with proxy headers set to xforwarded.
Thank you
As it works when you bypass your reverse proxy, I guess it isn’t related to Keycloak, but to your network.
It sounds like your Keycloak node is not able to communicate properly with your LDAP, when running behind the proxy. Keycloak has to reach the LDAP server on its configured port!
This is old, outdated and no more used.
Please don’t copy just anything from a random blog/environment, but read the official documentation about relevant config settings.