[keycloak-user] Same Keycloak instance hosted on different domains

stefan.romete at gmail.com stefan.romete at gmail.com
Mon May 6 06:37:06 EDT 2019


Hi,

 

We have an issue with trying to have the same keycloak instance hosted on 2
different domains(URLs).

 

We have the following scenario:

2 Different Angular apps that point to 2 different URLs for the auth part.
These 2 URLs use the same instance of keycloak. This works as expected and
we are able to authenticate in both apps.

The problem comes when trying to reach the same Backend application from
both apps, as for one app we have the same token issuer but for the other
one (different Endpoint for Keycloak) we get the message  :

error="invalid_token", error_description="Invalid token issuer. Expected
'<DOMAIN1>', but was '<DOMAIN2>"

 

While looking through the source code of keycloak I found out that this is
the normal behavior when trying to have this setup.

 

Is there any way of achieving the above configuration without having also 2
instances of the BackEnd application , each configured with its own issuer? 

That will mean for us an extra deployment of the same application , which
does not make sense .

 

Thank you,

Stefan Romete



More information about the keycloak-user mailing list