[keycloak-dev] Different internal and external URLs

Stian Thorgersen sthorger at redhat.com
Thu Jun 1 09:30:54 EDT 2017

Can't you just override the IP address in the host file on the machine?

We could consider adding a feature, but it wouldn't be trivial to implement:

* A realm would need to have an issuer/public URL. Maybe also a list of
acceptable request URLs.
* Adapters would need to have two URLs for the auth-server. One the issuer
URL and another the request URL
* This would all need to have automated testing and the documentation would
need to be updated

Then there's also the fact that ideally all connections should use HTTPs so
you'd need one certificate for external request as well as another one for
internal requests. Not sure how that'd look like in the wild.

On 1 June 2017 at 14:20, John D. Ament <john.d.ament at gmail.com> wrote:

> Hi
> I have a weird deployment (if you haven't already noticed).  Since we're
> hosted on AWS, internal bandwidth is cheap while external bandwidth is
> expensive and nearly 4x the number of requests required (due to ELBs, HTTP
> proxies etc).
> I wanted to have different public facing URLs for the end user to have vs
> what the internal URLs are for keycloak.  So that any request made from the
> client app on the server side to the keycloak instances was routed to an
> internal hostname instead of the public hostname.
> Right now this isn't possible, but I was wondering if there would be any
> interest in making such a change, to allow this?
> John
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

More information about the keycloak-dev mailing list