Hello,
We're working on a setup where we have two realms, a
'master' realm that we use for administration, and another
realm that is public-facing, providing service to our
end-users.
We'd like to be able to prevent access to the master realm
for the general public. We do not want, for example, to have
the general public be able to access the login page for the
master realm, but we would like them to be able to use to
login page for the other realm. Things will probably get
interesting in the REST interface in that sense.
Ideally, we would expose each realm on a different network
endpoint (at the very least, use different TCP ports for each
realm). We prefer to avoid a solution that relies on URL /
path-based filtering.
Can Keycloak facilitate this? Is it possible to limit
exposure of a particular realm to a specific network endpoint?
Kind regards,
Guus