Hi,

you can configure welcome theme in keycloak-server.json - See docs http://keycloak.github.io/docs/userguide/keycloak-server/html/themes.html#d4e2326 . Then in your theme you can override the welcome file and hide link to admin console from it.

For access admin console just from local addresses, we don't support it AFAIK, but you can achieve it with usage of some custom proxy/filter, which will reject request coming from external IP address.

For the future, we plan to improve authorization/permissions for admin console. As part of this, it will be possible to create authorization rule to limit access just for some IP addresses. Not sure when this is available though...

Marek

On 30/03/16 13:53, Kevin Thorpe wrote:
Well I can hard-block because we front everything with an Nginx instance. Just seems dirty though.


Kevin Thorpe
VP Enterprise Platform


T: +44 (0)20 3005 6750  | F: +44(0)20 7730 2635  | T: +44 (0)808 204 0344 
150 Buckingham Palace Road, London, SW1W 9TR, UK 

               

SAVE PAPER - THINK BEFORE YOU PRINT!

____________________________________________________________________

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.


On 30 March 2016 at 12:52, Ben Bazian <bbazian@mbopartners.com> wrote:

Please let me know if you come up with a solution.  We would actually like to limit access to this page to inside the firewall.  No external access.

 

Thanks

 

From: keycloak-user-bounces@lists.jboss.org [mailto:keycloak-user-bounces@lists.jboss.org] On Behalf Of Kevin Thorpe
Sent: Wednesday, March 30, 2016 7:43 AM
To: keycloak-user <keycloak-user@lists.jboss.org>
Subject: [keycloak-user] Can we change the default realm on Keycloak?

 

Hi,

    just wondering if we could hide the default page https://keycloak.mydomain.com/auth because tat prompts you to log in to the master realm which we don't want visible.

 

I could block that page outright but sometimes we might need to log in to the master realm for user admin.


 

Kevin Thorpe

VP Enterprise Platform


T: +44 (0)20 3005 6750  | F: +44(0)20 7730 2635  | T: +44 (0)808 204 0344 
150 Buckingham Palace Road, London, SW1W 9TR, UK 

               


SAVE PAPER - THINK BEFORE YOU PRINT!

____________________________________________________________________

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.




_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user