Hello,

We're working on a setup where we have two realms, a 'master' realm that we use for administration, and another realm that is public-facing, providing service to our end-users.

We'd like to be able to prevent access to the master realm for the general public. We do not want, for example, to have the general public be able to access the login page for the master realm, but we would like them to be able to use the login page for the other realm. Things will probably get interesting in the REST interface in that sense.

Ideally, we would expose each realm on a different network endpoint (at the very least, use different TCP ports for each realm). We prefer to avoid a solution that relies on URL / path-based filtering.

Can Keycloak facilitate this? Is it possible to limit exposure of a particular realm to a specific network endpoint?

Kind regards,

  Guus