12:48 a.m.
I understand, thank you for your answer.
On 12 October 2016 at 07:00, Stian Thorgersen <sthorger(a)redhat.com> wrote:
You can obviously use DNS settings and the machines hosts file to
change
what IP address the name resolves to.
https://machine.local could resolve to 10.0.0.12 or 192.168.1.12
depending on where it's called from.
On 12 October 2016 at 06:59, Stian Thorgersen <sthorger(a)redhat.com> wrote:
> [Adding list again]
>
> Token based security relies on HTTPS for security. You need to use the
> HTTPs domain name when you are contacting Keycloak. The HTTPs domain should
> match the issuer of the domain.
>
> On 11 October 2016 at 18:56, Mátyás Bachorecz <bachoreczm(a)gmail.com>
> wrote:
>
>> My token audience does not match, because we request for a token via
>> floating ip (openstack, like 10.xx.xx.xx), and would like to validate via
>> private ip (like 192.168.xx.xx). So my question is how to solve this
>> problem?
>>
>> There are two machines, one belongs to user, and on the other we running
>> keycloak, and a client, which can validate token. But client only nows the
>> private ip, and user can't access keycloak on private ip, cause he/she is
>> not in that network.
>>
>> Br,
>> Matyi
>>
>> On 11 October 2016 at 18:45, Stian Thorgersen <sthorger(a)redhat.com>
>> wrote:
>>
>>> Rather than hacking Keycloak you should figure out why your token
>>> audience doesn't match. For a token to be valid it has to been issued by
>>> the same server URL and realm. It's an important check and we
wouldn't
>>> accept a feature that prevents it.
>>>
>>> On 11 October 2016 at 17:07, Mátyás Bachorecz <bachoreczm(a)gmail.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> we have a multi-component project, and all components running in one
>>>> machine, also Keycloak.
>>>> We would like to obtain token via curl, and our components would like
>>>> to
>>>> validate it, but they can't, because we've got:
>>>> "Token audience doesn't match domain. Token issuer is " +
>>>> token.getIssuer()
>>>> + ", but URL from configuration is " + realmUrl
(RSATokenVerifier.java)
>>>>
>>>> I would like to implement a new feature: a new checkbox or something
>>>> else
>>>> to realm settings page, which can switch off the above mentioned
>>>> feature.
>>>> I've read that I should write an email here if I would like to
>>>> implement
>>>> something. Is it ok, or how it works?
>>>>
>>>> Br,
>>>> Matyi
>>>> _______________________________________________
>>>> keycloak-dev mailing list
>>>> keycloak-dev(a)lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>
>>>
>>>
>>
>