I have a weird deployment (if you haven't already noticed). Since we're
hosted on AWS, internal bandwidth is cheap while external bandwidth is
expensive and nearly 4x the number of requests required (due to ELBs, HTTP
I wanted to have different public-facing URLs for the end user to have vs
what the internal URLs are for Keycloak, so that any request made from the
client app on the server side to the Keycloak instances was routed to an
internal hostname instead of the public hostname.
Right now this isn't possible, but I was wondering if there would be any
interest in making such a change, to allow this?

I'm not sure what the current release state looks like, but wanted to bring
your attention to an issue in WF11 I had raised. It actually impacts the
clustering pieces, which is pretty important to Keycloak.
Basically, a number of JGroups configs no longer work in WF11. I'm not
sure if you have a way to escalate this, since it has a pretty important
impact on Keycloak.

Would it be an idea to have a field on a client to specify a required role
that users have to have to be permitted to authenticate to the client?
We could add support for this directly in the login flows. If the user has
the required role, redirect to the app, but if the user doesn't, display an
error page stating you don't have access.