[keycloak-user] Can we change the default realm on Keycloak?

Kevin Thorpe kevin.thorpe at p-i.net
Wed Mar 30 09:26:27 EDT 2016 

Using Nginx to stop obvious access to master realm:

Well I can hard-block with:
  location =/auth/    { return 404; }

I *should* be able to do:
  location =/auth/ {
                            allow 10.20.0.0/16;     # all our LAN + VPN
range
                            deny all;
                         }
but it's not working when I test it.

You'd also want to block:
  location   /auth/realms/master
to stop people who know it's Keycloak




*Kevin Thorpe*
VP Enterprise Platform

www.p-i.net | @PI_150 <https://twitter.com/@PI_150>

*T: +44 (0)20 3005 6750 <%2B44%20%280%2920%203005%206750>  | F: +44(0)20
7730 2635 <%2B44%280%2920%207730%202635>  | T: +44 (0)808 204 0344
<%2B44%20%280%29808%20204%200344> *
*150 Buckingham Palace Road, London, SW1W 9TR, UK*



*SAVE PAPER - THINK BEFORE YOU PRINT!*

____________________________________________________________________

This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.
This message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately by e-mail if you have received this e-mail by mistake and
delete this e-mail from your system. If you are not the intended recipient
you are notified that disclosing, copying, distributing or taking any
action in reliance on the contents of this information is strictly
prohibited.

On 30 March 2016 at 12:52, Ben Bazian <bbazian at mbopartners.com> wrote:

> Please let me know if you come up with a solution.  We would actually like
> to limit access to this page to inside the firewall.  No external access.
>
>
>
> Thanks
>
>
>
> *From:* keycloak-user-bounces at lists.jboss.org [mailto:
> keycloak-user-bounces at lists.jboss.org] *On Behalf Of *Kevin Thorpe
> *Sent:* Wednesday, March 30, 2016 7:43 AM
> *To:* keycloak-user <keycloak-user at lists.jboss.org>
> *Subject:* [keycloak-user] Can we change the default realm on Keycloak?
>
>
>
> Hi,
>
>     just wondering if we could hide the default page
> https://keycloak.mydomain.com/auth because tat prompts you to log in to
> the master realm which we don't want visible.
>
>
>
> I could block that page outright but sometimes we might need to log in to
> the master realm for user admin.
>
>
>
>
> *Kevin Thorpe*
>
> VP Enterprise Platform
>
> www.p-i.net | @PI_150 <https://twitter.com/@PI_150>
>
>
> *T: +44 (0)20 3005 6750 <%2B44%20%280%2920%203005%206750>  | F: +44(0)20
> 7730 2635 <%2B44%280%2920%207730%202635>  | T: +44 (0)808 204 0344
> <%2B44%20%280%29808%20204%200344> *
> *150 Buckingham Palace Road, London, SW1W 9TR, UK*
>
>
>
>
> *SAVE PAPER - THINK BEFORE YOU PRINT!*
>
> ____________________________________________________________________
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
> This message contains confidential information and is intended only for the
> individual named. If you are not the named addressee you should not
> disseminate, distribute or copy this e-mail. Please notify the sender
> immediately by e-mail if you have received this e-mail by mistake and
> delete this e-mail from your system. If you are not the intended recipient
> you are notified that disclosing, copying, distributing or taking any
> action in reliance on the contents of this information is strictly
> prohibited.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160330/ee8a8b2f/attachment.html

More information about the keycloak-user mailing list