I filed
https://issues.jboss.org/browse/KEYCLOAK-5014 last week after
asking a related question on the mailing list -- sounds like there's not a
good way to handle this at this point. I've settled on adding "myhost"
(from your example) to the hosts file on the dev computers that need to run our
Docker setup. This is OK in my case because that only affects a few dev
computers.
I would like there to be a way to have the Keycloak middleware allow
multiple issuers based on configuration rather than just requiring a match
to the realm URL.
On Sat, Jun 10, 2017 at 6:30 AM, Tom Braun <braun.tom(a)web.de> wrote:
Hello,
got the following setup:
- frontend (oauth, angular2)
- rest-backend (bearerOnly, spring-boot with spring-security)
- keycloak (standalone)
If I run the three as "ordinary" processes, everything works fine.
However, if I try to run them as services within a docker (swarm mode)
the rest-backend keeps complaining about:
org.keycloak.common.VerificationException: Invalid token issuer.
Expected 'http://myhost:8180/auth/realms/myrealm', but was
'http://localhost:8180/auth/realms/myrealm'
I inserted myhost into my /etc/hosts to point to the IP of docker0. So
far it works, I can access the frontend on port 80 and keycloak on port
8180.
Is there a way to make keycloak report as myhost in the issuer token and
not as localhost?
Tried running keycloak behind a reverse-proxy - no change.
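
The issuer check behind the VerificationException quoted above, next to the configured multi-issuer allowlist the reply asks for, as an added example that is not part of the thread and not Keycloak adapter code. The function names, the demo key and the HS256 signing (a stdlib stand-in for Keycloak's RS256 tokens) are assumptions; the tokens are constructed.

```python
import base64, hashlib, hmac, json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 token (stand-in for Keycloak's RS256 tokens)."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def verify(token: str, key: bytes, allowed_issuers: frozenset) -> dict:
    """Check the signature first, then require an exact issuer match."""
    head, body, sig = token.split(".")
    if json.loads(_unb64url(head)).get("alg") != "HS256":
        raise ValueError("Unexpected algorithm")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig)):
        raise ValueError("Invalid signature")
    claims = json.loads(_unb64url(body))
    iss = claims.get("iss")
    # Exact string comparison only: no prefix, suffix or host-only matching.
    if iss not in allowed_issuers:
        raise ValueError(f"Invalid token issuer. Expected one of "
                         f"{sorted(allowed_issuers)}, but was '{iss}'")
    return claims

KEY = b"constructed-demo-key"              # hypothetical demo key
REALM = "/auth/realms/myrealm"
VIA_LOCALHOST = make_token({"iss": "http://localhost:8180" + REALM, "sub": "u1"}, KEY)
VIA_MYHOST = make_token({"iss": "http://myhost:8180" + REALM, "sub": "u1"}, KEY)
SINGLE = frozenset({"http://myhost:8180" + REALM})   # realm URL only
BOTH = SINGLE | {"http://localhost:8180" + REALM}    # configured allowlist

def outcome(token: str, allowed: frozenset) -> str:
    """Return the accepted issuer, or the rejection message."""
    try:
        return verify(token, KEY, allowed)["iss"]
    except ValueError as exc:
        return str(exc)

if __name__ == "__main__":
    print(outcome(VIA_LOCALHOST, SINGLE))  # rejected, as in the thread
    print(outcome(VIA_LOCALHOST, BOTH))    # accepted via the allowlist
```

Each allowlist entry is a full issuer URL compared as a whole string, so widening the list for a Docker hostname does not open the check to look-alike hosts.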