Hey Thomas,
thanks for your quick answer. I read in the documentation that it's
possible to define a "realm-public-key" in the keycloak.json but key
rotation would break the adapter. Since the Keycloak server is only
accessible within our private network, I would like to disable key
rotation and use the realm-public-key, but I wasn't able to find the
knob to deactivate that yet. Will a fixed realm public key enable me to
run the scenario I described?
Kind regards,
------------------------------------------------------------------------
*Christian Beikov*
On 18.04.2018 at 14:48, Thomas Darimont wrote:
Hello Christian,
your application server needs to communicate with the Keycloak server
to retrieve the realm public key referenced in the token to verify the
token signature.
The current implementation in Keycloak fetches & caches unknown public
keys automatically.
You could also use a fixed realm public key on the application server
side but it would not support key rotation anymore.
Cheers,
Thomas
2018-04-18 13:45 GMT+02:00 Christian Beikov <christian.beikov(a)gmail.com>:
Hi,
is it necessary that an application secured by Keycloak can access the
Keycloak server? Or is it enough if the Browser can access the Keycloak
server?
--
Kind regards,
------------------------------------------------------------------------
*Christian Beikov*
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
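
Added example (not part of the thread and not Keycloak adapter code): the two verification modes discussed above, a fixed public key versus keys fetched and cached by the token's `kid`, and what each does after a key rotation. The key ids, claims and helper names are constructed for illustration, and only the signature check is modelled, not expiry or audience validation.

```javascript
// Added example: constructed keys/tokens and hypothetical helper names; not Keycloak code.
const crypto = require('node:crypto');
const b64u = (s) => Buffer.from(s).toString('base64url');

function makeRealmKey(kid) { // stand-in for one realm signing key
  return { kid, ...crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }) };
}
function issueToken(key, claims) {
  const head = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid: key.kid }));
  const body = b64u(JSON.stringify(claims));
  const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`), key.privateKey);
  return `${head}.${body}.${sig.toString('base64url')}`;
}

// Check the RS256 signature with the key resolveKey(kid) returns (null = unknown).
function verifyToken(token, resolveKey) {
  const [head, body, sig] = token.split('.');
  if (!head || !body || !sig) return false;
  const header = JSON.parse(Buffer.from(head, 'base64url').toString());
  if (header.alg !== 'RS256') return false; // reject "none" and other algorithms
  const key = resolveKey(header.kid);
  if (!key) return false;
  return crypto.verify('sha256', Buffer.from(`${head}.${body}`), key, Buffer.from(sig, 'base64url'));
}

// Mode 1: fixed public key on the application side, no request to the server.
const pinnedResolver = (publicKey) => () => publicKey;

// Mode 2: cache by kid; contact the server only for a kid not seen before.
function cachingResolver(fetchKeys) {
  const cache = new Map();
  return (kid) => {
    if (!cache.has(kid)) for (const k of fetchKeys()) cache.set(k.kid, k.publicKey);
    return cache.get(kid) ?? null;
  };
}

function demo() {
  const oldKey = makeRealmKey('key-1'), newKey = makeRealmKey('key-2');
  const published = [oldKey]; // keys the server currently serves
  let fetches = 0;
  const pinned = pinnedResolver(oldKey.publicKey);
  const cached = cachingResolver(() => { fetches += 1; return published; });
  const t1 = issueToken(oldKey, { sub: 'alice' });
  const before = [verifyToken(t1, pinned), verifyToken(t1, cached)];
  published.push(newKey); // key rotation on the server
  const t2 = issueToken(newKey, { sub: 'alice' });
  const after = [verifyToken(t2, pinned), verifyToken(t2, cached)];
  return { before, after, fetches };
}
console.log(demo());
```

After the rotation the pinned verifier rejects every newly issued token until the configured key is replaced, while the caching verifier accepts them at the cost of one more request to the server.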