The REST service doesn't need to communicate directly with Keycloak. The auth-server-url is required by a bearer only token mainly to verify the issuer in the token (it's the full url of the realm, not just the realm name).On 15 July 2016 at 16:34, Adrian Matei <adrianmatei@gmail.com> wrote:_______________________________________________Hi everyone,Does a Keycloak secured REST Api on JBoss EAP 6.1 (access-type bearer only) need to communicate with the Keycloak Server once the Adapter and standalone.xml are properly configured?Currently both servers are on the same DMZ zone, but we'd like to move the REST Api Server in Intranet zone.(test - the REST backend seems to be callable as long as the token is valid, though the Keycloak Server was shutdown, but I ask myself why do I need to specify the auth-server-url in standalone.xml, or keycloak.json file)ThanksAdrian
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user