I have an scenario for Keycloak that I'm not able to solve in an easy way, so any help will be more than appreciated.

In apiman (http://www.apiman.io) we are using Keycloak for securing the apiman rest endpoints. We are in the process of creating some demos with docker and for that one of the demos is having keycloak as a separate server to which the wildfly instances holding the apiman rest endpoint will redirect for authentication.

So far, I've configured in this wildfly instances the auth-server-url to be the keycloakserver. Internal communication to this server is resolved by name, as it is docker links providing the accesibility, but this is an "internal ip to docker"

The problem comes when I try to log into the escured resource, and I get a redirection to this "internal" ip, which my browser can not access, so I get an error.

Is there a way to:

a) Use a different URL for browser redirection as for internal redirection?

b) Use a different redirection strategy?

c) do it in any other way?

Thanks for any help you can provide on this.