Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-6073

Support different URLs for front and back channel requests in adapters

    Details

    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      Adapters should allow configuring a separate URL used for back channel requests. This is useful when the client is located on the same network as the Keycloak server and wants to use an internal IP address for back channel requests.

      Keycloak does not know it's public realm URL and as such will not know the correct URL if requests are sent to it using an internal URL. This causes a number of problems.

      To resolve this issue we'd need to add support for a request URL to all server-side adapters (Java and Node.js currently). We also need to address how Keycloak would know its correct URL. This may be possible to address with Undertow filters to rewrite the Host header to map the internal URL to the public URL.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  stianst Stian Thorgersen
                • Votes:
                  72 Vote for this issue
                  Watchers:
                  78 Start watching this issue

                  Dates

                  • Created:
                    Updated: