[keycloak-dev] feature request

Stian Thorgersen sthorger at redhat.com
Wed Oct 12 00:59:04 EDT 2016 

[Adding list again]

Token based security relies on HTTPS for security. You need to use the
HTTPs domain name when you are contacting Keycloak. The HTTPs domain should
match the issuer of the domain.

On 11 October 2016 at 18:56, Mátyás Bachorecz <bachoreczm at gmail.com> wrote:

> My token audience does not match, because we request for a token via
> floating ip (openstack, like 10.xx.xx.xx), and would like to validate via
> private ip (like 192.168.xx.xx). So my question is how to solve this
> problem?
>
> There are two machines, one belongs to user, and on the other we running
> keycloak, and a client, which can validate token. But client only nows the
> private ip, and user can't access keycloak on private ip, cause he/she is
> not in that network.
>
> Br,
> Matyi
>
> On 11 October 2016 at 18:45, Stian Thorgersen <sthorger at redhat.com> wrote:
>
>> Rather than hacking Keycloak you should figure out why your token
>> audience doesn't match. For a token to be valid it has to been issued by
>> the same server URL and realm. It's an important check and we wouldn't
>> accept a feature that prevents it.
>>
>> On 11 October 2016 at 17:07, Mátyás Bachorecz <bachoreczm at gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> we have a multi-component project, and all components running in one
>>> machine, also Keycloak.
>>> We would like to obtain token via curl, and our components would like to
>>> validate it, but they can't, because we've got:
>>> "Token audience doesn't match domain. Token issuer is " +
>>> token.getIssuer()
>>> + ", but URL from configuration is " + realmUrl (RSATokenVerifier.java)
>>>
>>> I would like to implement a new feature: a new checkbox or something else
>>> to realm settings page, which can switch off the above mentioned feature.
>>> I've read that I should write an email here if I would like to implement
>>> something. Is it ok, or how it works?
>>>
>>> Br,
>>> Matyi
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>>
>>
>

More information about the keycloak-dev mailing list