Details
-
Bug
-
Resolution: Done
-
Major
-
None
-
None
Description
Unfortunately, we localhost vs. 127.0.0.1 problem returned. This time, the problem is for the following case:
- jdoe uses localhost to create an offline token
- token/secret is added to a remote agent, which is configured to talk to 127.0.0.1 (or any other host)
- agent makes an http call to the backend, which determines that the host for the request is a synonym for the host on the offline token and verifies the token using the host from it
- token is approved, request continues
- Keycloak adapter refuses the request, saying that the issuer of the token is not the same as the realm's URL.
After talking with Marek, I think the best solution is to use http://localhost:8080/auth for the auth-server-url in the configuration file, adding to the installation steps a note about changing this.
Places that will need to be changed:
- keycloak.json on the UI
- standalone.xml for the backend components