Because I failed to mention that I'm using the Spring Boot Adapter, I'm
wondering now if we need something like this:
"auth-server-url-for-backend-requests"
->
https://github.com/keycloak/keycloak/search?utf8=✓&q=auth-server-url-...
Or if it was deprecated or not recommended to use.
On Thu, Sep 7, 2017 at 11:14 AM, Mauricio Salatino <salaboy(a)gmail.com>
wrote:
Hi everyone,
We are using Keycloak behind a gateway (Zuul) and we are having issues with
keycloak adapters not being able to validate the JWT token issued on behalf
of an external client. Our Gateway is forwarding all the X-FORWARDED-*
headers correctly so the token is issued correctly but the problem is that
our adapters (in our services) contain the following configuration:
keycloak.auth-server-url=*<local ip of keycloak server>:<port>/auth*
Now the problem that we are facing is that the token will not be able to
be validated by the adapter, because it was issued for the external IP and
the adapter is pointing to the local ip, so the token validation fails.
I've seen several threads and jira issues about this problem without a
clear solution and it sounds like the adapter's code can be easily extended
to support this scenario. Now the question is where that information should
live:
1) It can be set in the realm configuration so the adapter picks that up
on start up and then uses that information for the token validation
2) It can be picked up by the service that is getting the external IP in
the X-FORWARDED-* headers (this might cause a security issue ??? )
We can provide the code for the solution but before we start coding we want
to know what your opinions are on the matter and if this has been solved
before.
Cheers
Mauricio
--
- MyJourney @
http://salaboy.com <
http://salaboy.wordpress.com>
- Co-Founder @
http://www.jugargentina.org
- Co-Founder @
http://www.jbug.com.ar
- Salatino "Salaboy" Mauricio -
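The issuer mismatch discussed in this thread, as an added example (not part of the original messages and not Keycloak adapter code): it compares a token's `iss` claim against the realm URL built from the internal address, against a fixed expected issuer, and against an issuer rebuilt from X-Forwarded-* headers. The hostnames, the realm name `demo`, the `EXPECTED_ISSUER` setting and all function names are constructed for illustration, and signature verification is left out.

```python
import base64
import json

def make_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string for this demo only."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT'})}.{enc(claims)}."

def token_issuer(jwt: str) -> str:
    """Read the iss claim from the payload segment (no signature check here)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))["iss"]

def realm_url(auth_server_url: str, realm: str) -> str:
    """Realm URL in the <auth-server-url>/realms/<realm> form used as iss."""
    return f"{auth_server_url.rstrip('/')}/realms/{realm}"

def issuer_matches(jwt: str, expected_issuer: str) -> bool:
    return token_issuer(jwt) == expected_issuer

def issuer_from_headers(headers: dict, realm: str) -> str:
    """Option 2 from the thread: rebuild the expected issuer from X-Forwarded-*."""
    base = f"{headers['X-Forwarded-Proto']}://{headers['X-Forwarded-Host']}/auth"
    return realm_url(base, realm)

# Constructed values (assumptions, not taken from the thread)
REALM = "demo"
INTERNAL_URL = "http://10.0.0.5:8080/auth"        # what keycloak.auth-server-url holds
EXTERNAL_URL = "https://sso.example.com/auth"     # what clients reach via the gateway
EXPECTED_ISSUER = realm_url(EXTERNAL_URL, REALM)  # hypothetical fixed setting

token = make_unsigned_token({"iss": realm_url(EXTERNAL_URL, REALM), "sub": "alice"})
other = make_unsigned_token({"iss": "https://other.example/auth/realms/demo"})
# Headers as a service would see them if the caller, not the gateway, set them
caller_headers = {"X-Forwarded-Proto": "https", "X-Forwarded-Host": "other.example"}

def results() -> dict:
    derived = issuer_from_headers(caller_headers, REALM)
    return {
        "internal_url_check": issuer_matches(token, realm_url(INTERNAL_URL, REALM)),
        "fixed_issuer_check": issuer_matches(token, EXPECTED_ISSUER),
        "fixed_rejects_other": issuer_matches(other, EXPECTED_ISSUER),
        "header_derived_accepts_other": issuer_matches(other, derived),
    }

if __name__ == "__main__":
    for name, value in results().items():
        print(f"{name}: {value}")
```

A header-derived expected issuer only constrains anything if the gateway strips or overwrites X-Forwarded-* on every inbound request and the services are unreachable except through it; a fixed value has no such dependency.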