[keycloak-dev] Application and server in separate networks

Thomas Darimont thomas.darimont at googlemail.com
Wed Apr 18 08:48:52 EDT 2018


Hello Christian,

your application server needs to communicate with the Keycloak server to
retrieve the realm public key referenced in the token to verify the token
signature.
The current implementation in Keycloak fetches & caches unknown public keys
automatically.

You could also use a fixed realm public key on the application server side
but it would not support key rotation anymore.

Cheers,
Thomas

2018-04-18 13:45 GMT+02:00 Christian Beikov <christian.beikov at gmail.com>:

> Hi,
>
> is it necessary that an application secured by Keycloak can access the
> Keycloak server? Or is it enough if the Browser can access the Keycloak
> server?
>
> --
>
> Mit freundlichen Grüßen,
> ------------------------------------------------------------------------
> *Christian Beikov*
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev


More information about the keycloak-dev mailing list