<div dir="ltr">We are planning to make the admin console/endpoints exposed on a separate bind address and port in the future, but for now this has to be done with a proxy/loadbalancer/firewall.</div><div class="gmail_extra"><br><div class="gmail_quote">On 3 May 2016 at 07:41, Thomas Connolly <span dir="ltr"><<a href="mailto:thomas_connolly@yahoo.com" target="_blank">thomas_connolly@yahoo.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="color:#000;background-color:#fff;font-family:HelveticaNeue-Light,Helvetica Neue Light,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:10px"><div><span>Hi</span></div><div><span><br></span></div><div dir="ltr"><span>Please advise on the approach to deploying KC where the Admin GUI and APIs are not exposed.</span></div><div dir="ltr"><br></div><div dir="ltr">We want to control what is exposed onto the internet and what is available within the organisation.</div><div dir="ltr">The flows are exposed but the admin gui / api are only accessible within the organisation.</div><div dir="ltr"><br></div><div dir="ltr">Currently we're considering filtering at the load balancer essentially whitelisting traffic.</div><div dir="ltr">The admin GUI is accessed internally within the organisation.</div><div dir="ltr"><br></div><div dir="ltr">Alternatively is there a way to config off admin ui & api and only deploy this into production? With the admin deployed internally?</div><div></div><div> </div><div>Regards
Tom Connolly.</div></div></div><br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>