Does a Keycloak secured REST Api on JBoss EAP 6.1 (access-type bearer only) need to communicate with the Keycloak Server once the Adapter and standalone.xml are properly configured? 

Currently both servers are on the same DMZ zone, but we'd like to move the REST Api Server in Intranet zone. 

(test - the REST backend seems to be callable as long as the token is valid, though the Keycloak Server was shutdown, but I ask myself why do I need to specify the auth-server-url in standalone.xml, or keycloak.json file)

Thanks

Adrian