Adapter configuration with redirect url and auth url

Hi there,

I hope I can explain my problems so you can understand them…
In our company we use Keycloak to secure apps. These apps are placed in the Internet, DMZ and Intranet.
Our Keycloak is placed in the DMZ and there is a WebApplicationFirewall-Location sso.mydomain.com that points to the Keycloak instance. So all adapter configurations are filled with auth-url: sso.mydomain.com/auth
The DMZ/Intranet is a different DNS zone and sso.mydomain.com cannot be resolved within those zones. In those zones we address Keycloak with iam.internaldomain.com
To get code exchange working we configured all adapters to use the corporate proxy so the proxy can resolve sso.mydomain.com and the code exchange process can happen over proxy and WAF. But in my opinion this solution is not good and there could be 3rd party apps that don't support configuring a corporate proxy.

So in my thoughts I would like to configure one auth-url for code to token exchange (iam.internaldomain.com for DMZ+Intranet) and one “redirect-url” so the app can redirect the user to sso.mydomain.com (to get SingleSignOn working the browser cookie needs to be on the external URL).

As I understand, the adapters use auth-url for both: redirecting the user for login and exchanging code to token (maybe there are other backchannel operations)…

Do you have any ideas?
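
The split asked about above, sketched as an added example (not part of the original post and not Keycloak adapter code): the browser redirect is built on the external host, the code-to-token request on the internal host, and the token's `iss` claim is compared against one pinned issuer. The hostnames are from the post; the `https` scheme, the realm `myrealm`, the client `my-app`, the callback URL and the choice of the external URL as issuer are assumptions, since the post does not say which issuer the server reports for requests arriving on the internal host.

```python
import base64, json, secrets
from urllib.parse import urlencode

# Hostnames are from the post; https, realm, client id and callback are assumed.
FRONT = "https://sso.mydomain.com/auth"       # browser-facing, SSO cookie lives here
BACK = "https://iam.internaldomain.com/auth"  # resolvable from DMZ/intranet
REALM, CLIENT_ID = "myrealm", "my-app"
CALLBACK = "https://app.internaldomain.com/callback"

def endpoint(base, name):
    # Keycloak's OIDC endpoints live under <base>/realms/<realm>/protocol/openid-connect/
    return f"{base}/realms/{REALM}/protocol/openid-connect/{name}"

def login_redirect(state):
    """Front channel: URL the user's browser is redirected to."""
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": CALLBACK, "scope": "openid", "state": state})
    return endpoint(FRONT, "auth") + "?" + query

def token_request(code):
    """Back channel: (url, form) of the code-to-token POST. Built, not sent."""
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": CALLBACK, "client_id": CLIENT_ID}
    return endpoint(BACK, "token"), form

def issuer_matches(id_token, issuer=f"{FRONT}/realms/{REALM}"):
    """Check the iss claim against the one pinned issuer (assumed: the external URL).
    Signature verification must come first in real code; it is omitted here."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("iss") == issuer

def constructed_token(iss):
    """Unsigned sample token, constructed for this example only."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'none'})}.{b64({'iss': iss})}."

if __name__ == "__main__":
    print(login_redirect(secrets.token_urlsafe(16)))
    print(token_request("constructed-code")[0])
    print(issuer_matches(constructed_token(f"{FRONT}/realms/{REALM}")))  # external issuer
    print(issuer_matches(constructed_token(f"{BACK}/realms/{REALM}")))   # internal issuer
```

If tokens fetched over the internal host carry the internal hostname as issuer, this check fails, which is the mismatch to look for when the two channels use different hostnames.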