[keycloak-user] Limiting (network-based) access to different realms
Bill Burke
bburke at redhat.com
Fri Apr 1 09:16:52 EDT 2016
You could write an authenticator, plugged in via the auth SPI, that checks
client IP and port and does not allow connections based on that.
On 4/1/2016 5:46 AM, Guus der Kinderen wrote:
> Hello,
>
> We're working on a setup where we have two realms, a 'master' realm
> that we use for administration, and another realm that is
> public-facing, providing service to our end-users.
>
> We'd like to be able to prevent access to the master realm for the
> general public. We do not want, for example, to have the general
> public be able to access the login page for the master realm, but we
> would like them to be able to use the login page for the other realm.
> Things will probably get interesting in the REST interface in that sense.
>
> Ideally, we would expose each realm on a different network endpoint
> (at the very least, use different TCP ports for each realm). We prefer
> to avoid a solution that relies on URL / path-based filtering.
>
> Can Keycloak facilitate this? Is it possible to limit exposure of a
> particular realm to a specific network endpoint?
>
> Kind regards,
>
> Guus
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
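
A sketch of the authenticator suggested in the reply above, added here as an example; it is not part of the original thread and is not Keycloak project code. The class name, the 10.0.0.0/8 admin network and listener port 8443 are assumptions, and the check uses the port the connection arrived on, to match the per-realm endpoint asked about in the question.

```java
import java.net.InetAddress;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;

// Hypothetical class: fails the flow unless the request came from an allowed network and port.
public class NetworkRestrictionAuthenticator implements Authenticator {
    private static final String ALLOWED_NET = "10.0.0.0"; // assumed admin network
    private static final int PREFIX_BITS = 8;             // i.e. 10.0.0.0/8
    private static final int ALLOWED_LOCAL_PORT = 8443;   // assumed admin-only listener

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        String remote = context.getConnection().getRemoteAddr();
        int localPort = context.getConnection().getLocalPort();
        if (localPort == ALLOWED_LOCAL_PORT && inNetwork(remote, ALLOWED_NET, PREFIX_BITS)) {
            context.success();
        } else {
            // Deny before any login form or credential check runs.
            context.failure(AuthenticationFlowError.ACCESS_DENIED);
        }
    }

    // True if addr lies inside net/bits; fails closed on null, parse errors or family mismatch.
    static boolean inNetwork(String addr, String net, int bits) {
        if (addr == null) return false; // getByName(null) would resolve to loopback
        try {
            byte[] a = InetAddress.getByName(addr).getAddress();
            byte[] n = InetAddress.getByName(net).getAddress();
            if (a.length != n.length) return false; // IPv4 vs IPv6
            for (int i = 0; i < bits; i++) {
                int mask = 0x80 >> (i % 8);
                if ((a[i / 8] & mask) != (n[i / 8] & mask)) return false;
            }
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    @Override public void action(AuthenticationFlowContext context) { }
    @Override public boolean requiresUser() { return false; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```

To be selectable in a realm's authentication flows the class also needs a matching `AuthenticatorFactory`, and it only guards the flows it is added to. Behind a reverse proxy the remote address seen here depends on how the proxy and server are configured to forward client addresses.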