I actually share Stian's position. Using the same client credentials for a
wildcard selection of domain names (I assume different apps) looks like a
bad idea. When provisioning these wildcard "clients", are you not able to
provision them with a separate set of client credentials via the keycloak
admin API?
On Tue, Sep 20, 2016 at 12:50 AM, Josh Cain <josh.cain(a)redhat.com> wrote:
Per KEYCLOAK-3585:
<
https://issues.jboss.org/browse/KEYCLOAK-3585>
Currently, valid redirect URI hostnames allow for wildcards at the end
like so:
http://www.redhat.com/*
I'm managing several environments where clients need 'n' number of
available redirect URI's with different hostnames, I.E.
http://developer1.env.redhat.com
http://developer2.env.redhat.com
http://developer3.env.redhat.com
Would really help to have the ability to wildcard hostnames too, I.E.:
http://*.env.redhat.com
I've submitted #3241 <
https://github.com/keycloak/keycloak/pull/3241> to
address this issue, but there seem to be some concerns about allowing
wildcards in other parts of the URL. See the PR for a more fleshed out
discussion, but wanted to start a thread here on the mailing list.
Particularly with respect to:
- Does anyone have need of this feature or would find it useful?
- Should this kind of wildcard be allowed as a configuration option by
Keycloak?
Josh Cain | Software Applications Engineer
*Identity and Access Management*
*Red Hat*
+1 256-452-0150
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev