[keycloak-user] Can we change the default realm on Keycloak?

Marek Posolda mposolda at redhat.com
Wed Mar 30 09:17:01 EDT 2016 

Hi,

you can configure welcome theme in keycloak-server.json - See docs 
http://keycloak.github.io/docs/userguide/keycloak-server/html/themes.html#d4e2326 
. Then in your theme you can override the welcome file and hide link to 
admin console from it.

For access admin console just from local addresses, we don't support it 
AFAIK, but you can achieve it with usage of some custom proxy/filter, 
which will reject request coming from external IP address.

For the future, we plan to improve authorization/permissions for admin 
console. As part of this, it will be possible to create authorization 
rule to limit access just for some IP addresses. Not sure when this is 
available though...

Marek

On 30/03/16 13:53, Kevin Thorpe wrote:
> Well I can hard-block because we front everything with an Nginx 
> instance. Just seems dirty though.
>
>
> *Kevin Thorpe*
> VP Enterprise Platform
>
> www.p-i.net <http://www.p-i.net/> | @PI_150 <https://twitter.com/@PI_150>
>
> *T: +44 (0)20 3005 6750 <tel:%2B44%20%280%2920%203005%206750>  | F: 
> +44(0)20 7730 2635 <tel:%2B44%280%2920%207730%202635>  | T: +44 (0)808 
> 204 0344 <tel:%2B44%20%280%29808%20204%200344> *
> *150 Buckingham Palace Road, London, SW1W 9TR, UK*
>
>
> *SAVE PAPER - THINK BEFORE YOU PRINT!*
>
> ____________________________________________________________________
>
> This email and any files transmitted with it are confidential and 
> intended solely for the use of the individual or entity to whom they 
> are addressed. If you have received this email in error please notify 
> the system manager. This message contains confidential information and 
> is intended only for the individual named. If you are not the named 
> addressee you should not disseminate, distribute or copy this e-mail. 
> Please notify the sender immediately by e-mail if you have received 
> this e-mail by mistake and delete this e-mail from your system. If you 
> are not the intended recipient you are notified that disclosing, 
> copying, distributing or taking any action in reliance on the contents 
> of this information is strictly prohibited.
>
>
> On 30 March 2016 at 12:52, Ben Bazian <bbazian at mbopartners.com 
> <mailto:bbazian at mbopartners.com>> wrote:
>
>     Please let me know if you come up with a solution.  We would
>     actually like to limit access to this page to inside the
>     firewall.  No external access.
>
>     Thanks
>
>     *From:*keycloak-user-bounces at lists.jboss.org
>     <mailto:keycloak-user-bounces at lists.jboss.org>
>     [mailto:keycloak-user-bounces at lists.jboss.org
>     <mailto:keycloak-user-bounces at lists.jboss.org>] *On Behalf Of
>     *Kevin Thorpe
>     *Sent:* Wednesday, March 30, 2016 7:43 AM
>     *To:* keycloak-user <keycloak-user at lists.jboss.org
>     <mailto:keycloak-user at lists.jboss.org>>
>     *Subject:* [keycloak-user] Can we change the default realm on
>     Keycloak?
>
>     Hi,
>
>         just wondering if we could hide the default page
>     https://keycloak.mydomain.com/auth
>     <https://keycloak.mydomain.com/auth> because tat prompts you to
>     log in to the master realm which we don't want visible.
>
>     I could block that page outright but sometimes we might need to
>     log in to the master realm for user admin.
>
>
>     *Kevin Thorpe*
>
>     VP Enterprise Platform
>
>     www.p-i.net <http://www.p-i.net/> | @PI_150
>     <https://twitter.com/@PI_150>
>
>
>     *T: +44 (0)20 3005 6750 <tel:%2B44%20%280%2920%203005%206750>  |
>     F: +44(0)20 7730 2635 <tel:%2B44%280%2920%207730%202635>  | T: +44
>     (0)808 204 0344 <tel:%2B44%20%280%29808%20204%200344> *
>     *150 Buckingham Palace Road, London, SW1W 9TR, UK*
>
>
>     *SAVE PAPER - THINK BEFORE YOU PRINT!*
>
>     ____________________________________________________________________
>
>     This email and any files transmitted with it are confidential and
>     intended solely for the use of the individual or entity to whom
>     they are addressed. If you have received this email in error
>     please notify the system manager. This message contains
>     confidential information and is intended only for the individual
>     named. If you are not the named addressee you should not
>     disseminate, distribute or copy this e-mail. Please notify the
>     sender immediately by e-mail if you have received this e-mail by
>     mistake and delete this e-mail from your system. If you are not
>     the intended recipient you are notified that disclosing, copying,
>     distributing or taking any action in reliance on the contents of
>     this information is strictly prohibited.
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160330/6d580d8b/attachment-0001.html

More information about the keycloak-user mailing list