[keycloak-user] About issue 6073

Nicolas Gillet nicolas.gillet at market-ip.com
Tue Jun 19 02:34:20 EDT 2018


Hello,

Implementing kc as authentication server for our web application, I stumbled upon what tastes like the jira issue 6073.

All our application servers are in the same network and an HAProxy does the routing of requests based on the path (the Keycloak server answers all paths starting with /auth, for instance). From what I got of the auth mechanism, the other applications hosted in our network (aka "clients") need to query Keycloak when they receive a token from the browser, therefore they need to have the kc URL, and there comes the glitch: in order to make it work, the URL must be strictly equal to the token's issuer, and when querying over the internal network, it's not the case.
Worse for me, our company has several domain names for the very same application, these domains being our customers' domains for whom we "style" the application, so using the "external" domain name to query kc is not an option as it's dynamic, depending on the domain name the token was issued on.

Anyway, that's yet another reason to take an interest in feature request 6073.
I had a look in the code to see if I could do the pull request myself, but it's very daunting and does not look like an easy one for a first contribution.

So I'd like to know if the team is planning on implementing this feature one day, or if someone is willing to give me more detail about the way to do it (my background in OAuth and security being very light).

Many thanks,


Nicolas GILLET
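
Added example, not part of the original message and not Keycloak code: a Python sketch of the strict issuer comparison described above, next to one way a client could accept tokens issued under several external domains while still talking to Keycloak over the internal network. The host names, the realm name `demo`, the internal address and the issuer layout `<base>/auth/realms/<realm>` are assumptions made for the illustration.

```python
import base64
import json
from urllib.parse import urlsplit

# Constructed values for the illustration (not from the original message).
ALLOWED_ISSUER_HOSTS = {"app.customer-a.example", "app.customer-b.example"}
INTERNAL_BASE = "http://keycloak.internal:8080"
REALM = "demo"
REALM_PATH = f"/auth/realms/{REALM}"

def unverified_issuer(token):
    """Read `iss` from the JWT payload without trusting it. The value is
    only used to pick a server; the signature must still be verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)          # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))["iss"]

def strict_check(iss, configured_base):
    """The behaviour described in the message: exact string equality."""
    return iss == configured_base + REALM_PATH

def backchannel_url(iss):
    """Map an allow-listed external issuer to the internal realm URL.
    Returns None for anything that is not an exact, expected issuer."""
    parts = urlsplit(iss)
    try:
        port = parts.port
    except ValueError:                            # malformed port
        return None
    if parts.scheme != "https" or port not in (None, 443):
        return None
    if parts.username or parts.password or parts.query or parts.fragment:
        return None
    if parts.hostname not in ALLOWED_ISSUER_HOSTS or parts.path != REALM_PATH:
        return None
    return INTERNAL_BASE + REALM_PATH

def make_sample_token(iss):
    """Constructed sample token with a placeholder signature."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc({'iss': iss})}.placeholder-signature"

if __name__ == "__main__":
    iss = unverified_issuer(make_sample_token("https://app.customer-a.example" + REALM_PATH))
    print("strict check against internal URL:", strict_check(iss, INTERNAL_BASE))
    print("back-channel URL:", backchannel_url(iss))
```

The allow-list is what keeps a token from steering the client to an arbitrary server: the issuer is never used as a URL directly, only looked up, and the keys fetched over the internal URL are still the ones used to verify the signature.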

