You could write an authenticator plugged in via the auth SPI that checks
the client IP and port and does not allow connections based on that.
On 4/1/2016 5:46 AM, Guus der Kinderen wrote:
Hello,
We're working on a setup where we have two realms, a 'master' realm
that we use for administration, and another realm that is
public-facing, providing service to our end-users.
We'd like to be able to prevent access to the master realm for the
general public. We do not want, for example, to have the general
public be able to access the login page for the master realm, but we
would like them to be able to use the login page for the other realm.
Things will probably get interesting in the REST interface in that sense.
Ideally, we would expose each realm on a different network endpoint
(at the very least, use different TCP ports for each realm). We prefer
to avoid a solution that relies on URL / path-based filtering.
Can Keycloak facilitate this? Is it possible to limit exposure of a
particular realm to a specific network endpoint?
Kind regards,
Guus
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
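
The authenticator suggested in the reply could look like the following added example, which is not code from this thread or from the Keycloak project. The class name `SourceNetworkAuthenticator` and the `ALLOWED_CIDR` value are constructed for illustration, and the code assumes a Keycloak release whose `AuthenticationFlowError` enum includes `ACCESS_DENIED`; registering it requires a matching `AuthenticatorFactory`.

```java
import java.net.InetAddress;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;

/** Added example: fails the flow unless the client address is inside an allowed network. */
public class SourceNetworkAuthenticator implements Authenticator {
    // Constructed sample value (assumption): the administrators' management network.
    private static final String ALLOWED_CIDR = "10.20.0.0/16";

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        // The address is the peer as Keycloak sees it; behind a reverse proxy it is
        // only as trustworthy as the server's forwarded-header configuration.
        String addr = context.getConnection().getRemoteAddr();
        if (inCidr(addr, ALLOWED_CIDR)) {
            context.success();
        } else {
            context.failure(AuthenticationFlowError.ACCESS_DENIED);
        }
    }

    /** True if addr is inside cidr; null, malformed input or a family mismatch is a deny. */
    static boolean inCidr(String addr, String cidr) {
        if (addr == null) return false; // getByName(null) would resolve to loopback
        try {
            String[] parts = cidr.split("/");
            byte[] ip = InetAddress.getByName(addr).getAddress();
            byte[] net = InetAddress.getByName(parts[0]).getAddress();
            int prefix = Integer.parseInt(parts[1]);
            if (ip.length != net.length || prefix < 0 || prefix > ip.length * 8) return false;
            for (int bit = 0; bit < prefix; bit++) { // compare the leading prefix bits
                int mask = 0x80 >> (bit % 8);
                if ((ip[bit / 8] & mask) != (net[bit / 8] & mask)) return false;
            }
            return true;
        } catch (Exception e) {
            return false; // fail closed on anything unparsable
        }
    }

    @Override public void action(AuthenticationFlowContext context) { }
    @Override public boolean requiresUser() { return false; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```

An authenticator only runs inside the authentication flows it is bound to, so it has to be added as a required first step to each flow of the master realm that should be restricted. Requests that do not pass through such a flow, for example REST calls made with an already issued token, are not checked by it.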