Access denied after logging in a demo or theterminator

[theckang]

During a customer workshop, users were receiving the error Access denied when logging in as a demouser or theterminator. There were no issues in the keycloak or ingress gateway pods. The issue is the nodeJS app user interface. In the app-ui logs, it throws this error:

Could not obtain grant code: Error: certificate has expired

It seems the keycloak nodeJS library rejects the callback if the URL is not valid HTTPS.

Setting the following environment variable fixed the issue:

oc set env dc/app-ui NODE_TLS_REJECT_UNAUTHORIZED=0

[dudash]

I thought this flag changed the behavior to stop checking the certs on TLS connections. Error seems to indicate that it's an expired cert not a HTTP callback.
https://nodejs.org/api/cli.html#node_tls_reject_unauthorizedvalue

I'll approve the PR but recommend keeping this issue open until we resolve the proper way.

[theckang]

I'm not actually sure why there is a cert check at all. In the workshop, we use a http endpoint. We don't have a https endpoint for the user interface.

So, I think the error is throwing because it expects a https endpoint. I'm also confused because we didn't have this issue before.