I am new to Keycloak. I am using Keycloak for both the frontend and backend applications, but I am getting a different issuer in the token generated by Keycloak when it is decoded in jwt.io.
Front end:
- the issuer is the same as the base URL of the frontend application
- For example:
If the front-end URL is https://example.org/portal then the issuer is the same as https://example.org/auth
Request via Postman:
- the issuer is the internal DNS name
I have tried the ways below:
- Proxy redirection (with preserve host), which generates the issuer with the frontend base URL.
- Proxy redirection without preserving host, which expects the private DNS to be resolved at the frontend application.
- Played around with the Keycloak configuration: updated frontendUrl to https://example.org/auth and forceBackendUrlToFrontendUrl to true, which resulted in the same issuer for both the backend and frontend but with no hostname, like https:/auth/relam/external (refer to #2 in the references).
Expected outcome:
- I need the private DNS to be the issuer in both the request from the frontend and the backend (for now it works for the direct backend request).
Thanks in advance.
Reference
- https://github.com/keycloak/keycloak-community/blob/master/design/hostname-default-provider.md
- Code block
<spi name="hostname">
    <default-provider>fixed</default-provider>
    <provider name="fixed" enabled="true">
        <properties>
            <property name="frontendUrl" value="https://example.org/auth"/>
            <property name="forceBackendUrlToFrontendUrl" value="true"/>
        </properties>
    </provider>
</spi>
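The issuer comparison described in the question can be done locally instead of in jwt.io. This is an added example, not part of the original post: it reads the `iss` claim from tokens obtained through each path and checks it against the issuer a backend would expect. The internal host name, the client id `portal` and the sample tokens are constructed placeholders; the realm name `external` is taken from the URL in the question.

```python
import base64
import json

# Constructed placeholder for the private DNS issuer (not from the original post).
EXPECTED_ISSUER = "https://keycloak.internal.example/auth/realms/external"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(issuer: str) -> str:
    """Build a constructed, unsigned sample token with a placeholder signature."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"iss": issuer, "azp": "portal"}).encode())
    return f"{header}.{payload}.c2lnbmF0dXJl"


def read_issuer(token: str) -> str:
    """Return the iss claim. The signature is NOT verified here; a real
    resource server must verify it before trusting any claim."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    segment = parts[1]
    padded = segment + "=" * (-len(segment) % 4)  # restore stripped padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as exc:  # covers base64, UTF-8 and JSON errors
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict) or not isinstance(claims.get("iss"), str):
        raise ValueError("payload has no string iss claim")
    return claims["iss"]


def check_issuers(tokens: dict, expected: str) -> dict:
    """Map each label to (issuer, matches_expected) using exact comparison."""
    report = {}
    for label, token in tokens.items():
        issuer = read_issuer(token)
        report[label] = (issuer, issuer == expected)
    return report


# Constructed samples: one token per request path described in the question.
SAMPLE_TOKENS = {
    "frontend": make_sample_token("https://example.org/auth/realms/external"),
    "postman": make_sample_token(EXPECTED_ISSUER),
}

if __name__ == "__main__":
    for label, (iss, ok) in check_issuers(SAMPLE_TOKENS, EXPECTED_ISSUER).items():
        print(f"{label:9} iss={iss} match={ok}")
```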