Thanks! I now realise that the host name in the redirect URI is simply set using the current request (i.e. the URL in the browser) so it should just work in our reverse-proxy setup without having to change any of the bind addresses. We hope.. ;-) On 27 Feb 2019, at 09:19, Luis Rodríguez Fernández <uo67113@gmail.com<mailto:uo67113@gmail.com>> wrote: Hello Edgar, mmm, perhaps you can specify a different bind address [1] Hope it helps, Luis [1] https://www.keycloak.org/docs/latest/server_installation/index.html#_network El mar., 26 feb. 2019 a las 17:04, Edgar Vonk - Info.nl<http://Info.nl> (<Edgar@info.nl<mailto:Edgar@info.nl>>) escribió: Hi, We use a SAML Identity Provider configuration in Keycloak to broker identities to an external SAML-based Identity Provider. This works fine but now we have the requirement that after authentication the user needs to be redirected first to a reverse-proxy and only then back to us (as in: Keycloak). I.e. we need to configure a custom redirect URI in our SAML Identity Provider in Keycloak.. However this redirect URI seems to be generated on-the-fly in Keycloak and the hostname part seems always set to the host where Keycloak runs on? Our question is: is this redirect URI configurable at all and if not, how could we go about setting it ourselves (the hostname part at least)? I guess that we would need to create our own custom Identity Provider (e.g. extension of the SAMLIdentityProvider and related Java classes) and install this in Keycloak? _______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user -- "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better." - Samuel Beckett