[keycloak-dev] Application and server in separate networks
Christian Beikov
christian.beikov at gmail.com
Wed Apr 18 09:10:03 EDT 2018
Hey Thomas,
thanks for your quick answer. I read in the documentation that it's
possible to define a "realm-public-key" in the keycloak.json but key
rotation would break the adapter. Since the Keycloak server is only
accessible within our private network, I would like to disable key
rotation and use the realm-public-key, but I wasn't able to find the
knob to deactivate that yet. Will a fixed realm public key enable me to
run the scenario I described?
Kind regards,
------------------------------------------------------------------------
*Christian Beikov*
On 18.04.2018 at 14:48, Thomas Darimont wrote:
> Hello Christian,
>
> your application server needs to communicate with the Keycloak server
> to retrieve the realm public key referenced in the token to verify the
> token signature.
> The current implementation in Keycloak fetches & caches unknown public
> keys automatically.
>
> You could also use a fixed realm public key on the application server
> side but it would not support key rotation anymore.
>
> Cheers,
> Thomas
>
> 2018-04-18 13:45 GMT+02:00 Christian Beikov
> <christian.beikov at gmail.com>:
>
> Hi,
>
> is it necessary that an application secured by Keycloak can access
> the Keycloak server? Or is it enough if the Browser can access the
> Keycloak server?
>
> --
>
> Kind regards,
> ------------------------------------------------------------------------
> *Christian Beikov*
>
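
What verifying against a fixed realm public key means on the application server, as an added example that is not part of this thread and not Keycloak's adapter code: the token signature is checked offline against one pinned key, so a token signed after a key rotation is rejected. The class and method names, the `kid` values, the issuer URL and both key pairs are constructed for the illustration, and only the signature is checked here (no expiry or claim validation).

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

// Added example: offline RS256 signature check against one pinned realm key.
// Both key pairs are constructed stand-ins for a realm's signing keys.
public class PinnedRealmKeyDemo {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();

    // Builds a compact RS256-signed token the way an issuer would (constructed token).
    static String sign(PrivateKey key, String kid, String claimsJson) throws GeneralSecurityException {
        String header = "{\"alg\":\"RS256\",\"typ\":\"JWT\",\"kid\":\"" + kid + "\"}";
        String signingInput = ENC.encodeToString(header.getBytes(StandardCharsets.UTF_8))
                + "." + ENC.encodeToString(claimsJson.getBytes(StandardCharsets.UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + ENC.encodeToString(s.sign());
    }

    // Verifies with the pinned key only: no network call and no key lookup by kid.
    // The algorithm is fixed in code and never taken from the token header.
    static boolean verifyPinned(PublicKey pinned, String token) {
        try {
            String[] parts = token.split("\\.");
            if (parts.length != 3) return false;
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(pinned);
            s.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
            return s.verify(DEC.decode(parts[2]));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // malformed token or signature: reject
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pinned = gen.generateKeyPair();   // key the application has configured
        KeyPair rotated = gen.generateKeyPair();  // key the server signs with after a rotation
        String claims = "{\"sub\":\"alice\",\"iss\":\"https://keycloak.internal.example/realms/demo\"}";
        String before = sign(pinned.getPrivate(), "kid-1", claims);
        String after = sign(rotated.getPrivate(), "kid-2", claims);
        System.out.println("token signed with pinned key accepted: " + verifyPinned(pinned.getPublic(), before));
        System.out.println("token signed after rotation accepted:  " + verifyPinned(pinned.getPublic(), after));
    }
}
```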