[keycloak-user] Disabling token issuer check

kapil joshi kapilkumarjoshi001 at gmail.com
Thu Mar 28 13:46:57 EDT 2019


Hi All,

While trying to validate a 3rd-party token in a NATed environment, we are
getting an error when verifying the token, due to a difference in the issuer
of the token. We get an error like:

org.keycloak.common.VerificationException: Invalid token issuer.Expected "keycloak-service-url" but was 'https://boxip:30003/auth/realms/myrealm'

We are using the stable Helm chart for deploying Keycloak.
Actually, there is a check to enable/disable realmUrlCheck (i.e. the issuer
check). If it is disabled, we are good to go: we are then able to verify
third-party tokens in the NATed environment too.

My question is: will there be any security concern if we disable this
checkRealmUrl check in the adapter?

Thanks & regards
Kapil
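
Added example, not part of the original post and not Keycloak's adapter code: a minimal token verifier showing what the issuer check contributes once the signature has passed, and how a NATed deployment can satisfy it by listing both issuer URLs instead of switching it off. HS256 with a constructed key, the internal URL and the `otherrealm` issuer are assumptions for illustration; the external issuer is the one from the error message above.

```python
import base64, hashlib, hmac, json

class InvalidToken(Exception):
    pass

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key, head, body):
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def sign(claims, key):
    """Build a constructed HS256 token (stand-in for the realm's signing key)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(key, head, body))}"

def verify(token, key, allowed_issuers, check_issuer=True):
    """Return the claims if the token is acceptable, else raise InvalidToken."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
        given = _unb64(sig)
    except ValueError as exc:  # wrong segment count, bad base64 or bad JSON
        raise InvalidToken("malformed token") from exc
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        raise InvalidToken("malformed token")
    if header.get("alg") != "HS256":  # pin the algorithm, never trust the header
        raise InvalidToken("unexpected algorithm")
    if not hmac.compare_digest(_mac(key, head, body), given):
        raise InvalidToken("bad signature")
    # Issuer check: the token must name an issuer this service expects.
    iss = claims.get("iss")
    if check_issuer and not (isinstance(iss, str) and iss in allowed_issuers):
        raise InvalidToken(f"invalid token issuer: {iss!r}")
    return claims

def accepted(token, key, allowed_issuers, check_issuer=True):
    try:
        verify(token, key, allowed_issuers, check_issuer)
        return True
    except InvalidToken:
        return False

KEY = b"constructed-demo-key"                                  # constructed
INTERNAL = "http://keycloak-service-url/auth/realms/myrealm"   # constructed
EXTERNAL = "https://boxip:30003/auth/realms/myrealm"           # from the error above
OTHER = "https://boxip:30003/auth/realms/otherrealm"           # constructed
```

With the check disabled, the signature is the only thing deciding acceptance, so any token that verifies under a trusted key passes regardless of the issuer it names.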

