12:05 p.m.
* For adapter config, you can now leave out the realm's public key as
long as you have a valid auth-server-url. Keycloak will now ping this
auth server to obtain the public key for the realm.
* The adapter config supports a relative URI for the auth-server-url.
It will use the current requests scheme, host, and port to create urls.
A relative url examples is: "/auth"
* The auth server supports relative URLS for redirect urls, admin urls,
and base urls. i.e. "/customer-portal/*". The current request is used
to to build the redirect url to validate against, THe scheme, host, and
port is used.
With these changes, it makes it a bit easier to bundle preconfigured
apps and keycloak on a single server. Hoping this will resolve a bunch
of Aerogear issues.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
3:56 a.m.
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Friday, 2 May, 2014 6:05:05 PM
Subject: [keycloak-dev] dynamic key look and relative uri support added
* For adapter config, you can now leave out the realm's public key as
long as you have a valid auth-server-url. Keycloak will now ping this
auth server to obtain the public key for the realm.
* The adapter config supports a relative URI for the auth-server-url.
It will use the current requests scheme, host, and port to create urls.
A relative url examples is: "/auth"
* The auth server supports relative URLS for redirect urls, admin urls,
and base urls. i.e. "/customer-portal/*". The current request is used
to to build the redirect url to validate against, THe scheme, host, and
port is used.
With these changes, it makes it a bit easier to bundle preconfigured
apps and keycloak on a single server. Hoping this will resolve a bunch
of Aerogear issues.
Sounds good - but I wonder if this could be used to redirect to a custom domain?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
6:36 a.m.
On 5/6/2014 4:56 AM, Stian Thorgersen wrote:
----- Original Message -----
> From: "Bill Burke" <bburke(a)redhat.com>
> To: keycloak-dev(a)lists.jboss.org
> Sent: Friday, 2 May, 2014 6:05:05 PM
> Subject: [keycloak-dev] dynamic key look and relative uri support added
>
> * For adapter config, you can now leave out the realm's public key as
> long as you have a valid auth-server-url. Keycloak will now ping this
> auth server to obtain the public key for the realm.
>
> * The adapter config supports a relative URI for the auth-server-url.
> It will use the current requests scheme, host, and port to create urls.
> A relative url examples is: "/auth"
>
> * The auth server supports relative URLS for redirect urls, admin urls,
> and base urls. i.e. "/customer-portal/*". The current request is used
> to to build the redirect url to validate against, THe scheme, host, and
> port is used.
>
> With these changes, it makes it a bit easier to bundle preconfigured
> apps and keycloak on a single server. Hoping this will resolve a bunch
> of Aerogear issues.
Sounds good - but I wonder if this could be used to redirect to a custom domain?
What do you mean?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
3891
days inactive
3895
days old
2 comments
2 participants
participants (2)
-
Bill Burke -
Stian Thorgersen