[keycloak-user] Disabling token Host validation for introspect?
Dmitry Korchemkin
moon3854 at gmail.com
Mon Apr 10 09:18:06 EDT 2017
I have 2 gateway proxies, A and B, through which I can access the realm and
retrieve an OIDC token. The issuer in the token is set to either A or B.

When I then send a request to the introspect endpoint with a token from A
through gateway B, I get {"active": false} as a response.

Through testing I've found that the request returns proper data when the
issuer in the token equals the gateway I access it from.

Is there a way to disable that Host check for introspect? I do not have
direct control over which gateway introspect will be accessed through, and
manually fixing the Host header proves difficult due to numerous security
fixes in Java.
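
A diagnostic sketch for the behaviour reported above, added here as an example and not part of the original message or of Keycloak's code: it reads the `iss` claim from a token without verifying the signature and reports which gateway origin matches it, which per the post is the gateway through which introspection returns data. The gateway URLs, the realm name `demo` and the sample token are constructed, and the origin comparison is an assumption about how the match is made.

```python
import base64
import json
from urllib.parse import urlsplit


def b64url(data: bytes) -> str:
    """Base64url-encode without padding, as used in compact JWS."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def origin(url: str) -> tuple:
    """Normalise a URL to (scheme, lowercase host, explicit port)."""
    u = urlsplit(url)
    port = u.port or {"https": 443, "http": 80}.get(u.scheme)
    return (u.scheme, (u.hostname or "").lower(), port)


def accepting_gateways(token: str, gateways: dict) -> list:
    """Names of gateways whose origin equals the origin of the token's iss."""
    iss = jwt_claims(token)["iss"]
    return [name for name, base in gateways.items() if origin(base) == origin(iss)]


# Constructed sample data: hypothetical gateway base URLs and an unsigned token.
GATEWAYS = {"A": "https://gw-a.example.com", "B": "https://gw-b.example.com"}


def make_sample_token(iss: str) -> str:
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps({"iss": iss, "sub": "constructed-user"}).encode())
    return f"{header}.{body}.constructed-signature"


TOKEN_A = make_sample_token("https://gw-a.example.com/auth/realms/demo")

if __name__ == "__main__":
    # A token issued via gateway A matches only A, so introspecting it via B
    # is the case the post reports as {"active": false}.
    print(accepting_gateways(TOKEN_A, GATEWAYS))
```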