Hello,
Implementing kc as authentication server for our web application, I stumbled upon what
tastes like the Jira issue 6073.
All our application servers are in the same network and an HAProxy does the routing of
requests based on the path (the Keycloak server answers all paths starting with /auth, for
instance). From what I got of the auth mechanism, the other applications hosted in our
network (aka "clients") need to query Keycloak when they receive a token from
the browser, therefore they need to have the kc URL, and there comes the glitch: in order
to make it work, the URL must be strictly equal to the token's issuer, and when querying
over the internal network, that's not the case.
Worse for me, our company has several domain names for the very same application, these
domains being our customers' domains, for whom we "style" the application, so
using the "external" domain name to query kc is not an option as it's
dynamic, depending on the domain name the token was issued on.
Anyway, that's yet another reason to take an interest in the feature request 6073.
I had a look in the code to see if I could do the pull request myself but it's very
daunting and does not look like an easy one for a first contribution.
So I'd like to know if the team is planning on implementing this feature one day or if
someone is willing to give me more detail about the way to do it (my background in OAuth
and security being very light).
Many thanks,
Nicolas GILLET
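The issuer mismatch described in the message above, as an added example that is not code from the post or from Keycloak: a client-side check that accepts a token's `iss` only if it exactly matches one of the public issuers, then derives the internal URL from which to fetch the realm's signing keys. The domain names, the realm `demo`, `INTERNAL_BASE` and every function name are assumptions made for illustration; the token signature still has to be verified with the fetched keys before any claim is trusted.

```python
import base64
import json
from urllib.parse import urlsplit

# Assumed values, constructed for this example: one public issuer per customer
# domain, and the internal address behind the proxy that serves /auth.
ALLOWED_ISSUERS = {
    "https://app.customer-a.example/auth/realms/demo",
    "https://app.customer-b.example/auth/realms/demo",
}
INTERNAL_BASE = "http://keycloak.internal:8080"


def unverified_issuer(token: str) -> str:
    """Read `iss` from the payload without trusting it; used only for routing."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    try:
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as exc:  # base64, UTF-8 and JSON errors all derive from it
        raise ValueError("undecodable payload") from exc
    iss = claims.get("iss") if isinstance(claims, dict) else None
    if not isinstance(iss, str):
        raise ValueError("missing iss claim")
    return iss


def backchannel_jwks_url(token: str) -> str:
    """Map an allowed public issuer to the internal key endpoint."""
    iss = unverified_issuer(token)
    if iss not in ALLOWED_ISSUERS:  # exact match: no prefix or suffix matching
        raise PermissionError(f"issuer not allowed: {iss!r}")
    # Keep the realm path from the issuer and swap only scheme and host.
    # /protocol/openid-connect/certs is Keycloak's OpenID Connect key endpoint.
    return f"{INTERNAL_BASE}{urlsplit(iss).path}/protocol/openid-connect/certs"


def _sample_token(iss: str) -> str:
    """Constructed, unsigned token used only to exercise the check."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc({'iss': iss})}.sig"
```

After signature verification, the `iss` claim from the verified payload should be compared against the same allow-list again.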