[Adding list again]
Token-based security relies on HTTPS for security. You need to use the
HTTPS domain name when you are contacting Keycloak. The HTTPS domain should
match the issuer of the domain.
On 11 October 2016 at 18:56, Mátyás Bachorecz <bachoreczm(a)gmail.com> wrote:
My token audience does not match, because we request for a token via
floating ip (openstack, like 10.xx.xx.xx), and would like to validate via
private ip (like 192.168.xx.xx). So my question is how to solve this
problem?
There are two machines, one belongs to the user, and on the other we are running
Keycloak, and a client, which can validate the token. But the client only knows the
private ip, and the user can't access Keycloak on the private ip, because he/she is
not in that network.
Br,
Matyi
On 11 October 2016 at 18:45, Stian Thorgersen <sthorger(a)redhat.com> wrote:
> Rather than hacking Keycloak you should figure out why your token
> audience doesn't match. For a token to be valid it has to be issued by
> the same server URL and realm. It's an important check and we wouldn't
> accept a feature that prevents it.
>
> On 11 October 2016 at 17:07, Mátyás Bachorecz <bachoreczm(a)gmail.com>
> wrote:
>
>> Hi,
>>
>> we have a multi-component project, and all components are running on one
>> machine, also Keycloak.
>> We would like to obtain token via curl, and our components would like to
>> validate it, but they can't, because we've got:
>> "Token audience doesn't match domain. Token issuer is " +
>> token.getIssuer()
>> + ", but URL from configuration is " + realmUrl
>> (RSATokenVerifier.java)
>>
>> I would like to implement a new feature: a new checkbox or something else
>> to realm settings page, which can switch off the above mentioned feature.
>> I've read that I should write an email here if I would like to implement
>> something. Is that OK, or how does it work?
>>
>> Br,
>> Matyi
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
>
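
The issuer check discussed in this thread, as an added example that is not part of the original messages and is not Keycloak's code: it reads the `iss` claim of a token and reports which part of the URL differs from the configured realm URL. The addresses, the realm name `demo`, the host `sso.example.test` and all function names are constructed; a match is assumed to mean exact string equality, and signature verification is left out.

```python
import base64
import json
from urllib.parse import urlsplit


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(issuer: str) -> str:
    """Build a constructed, unsigned token; real tokens carry an RSA signature."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    claims = _b64url(json.dumps({"iss": issuer, "sub": "constructed-user"}).encode())
    return f"{header}.{claims}.constructed-signature"


def token_issuer(token: str) -> str:
    """Read the iss claim from the payload segment (no signature check here)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))["iss"]


def issuer_mismatch(token: str, realm_url: str) -> list:
    """Return the URL parts in which iss differs from the configured realm URL.

    An empty list means the two strings are identical (assumed match rule).
    """
    issuer = token_issuer(token)
    if issuer == realm_url:
        return []
    iss, cfg = urlsplit(issuer), urlsplit(realm_url)
    parts = [
        ("scheme", iss.scheme, cfg.scheme),
        ("host", iss.hostname, cfg.hostname),
        ("port", iss.port, cfg.port),
        ("path", iss.path, cfg.path),
    ]
    diff = [name for name, a, b in parts if a != b]
    return diff or ["other"]  # e.g. letter case in the host name


# Constructed addresses standing in for the floating and private IPs in the thread.
FLOATING = "http://10.0.0.5:8080/auth/realms/demo"
PRIVATE = "http://192.168.0.7:8080/auth/realms/demo"
SHARED = "https://sso.example.test/auth/realms/demo"  # one HTTPS name for all parties

if __name__ == "__main__":
    print(issuer_mismatch(make_sample_token(FLOATING), PRIVATE))
    print(issuer_mismatch(make_sample_token(SHARED), SHARED))
```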