Does anyone know how to add a flow condition based on the users remote ip address?
You would need to implement your own ConditionalAuthenticator
. There is nothing built-in that does it. However, here is an example of someone who created one that matches a request header value. GitHub - jdelker/keycloak-conditional-authenticators: Keycloak Authenticator to be used as a condition for matching against request headers It would likely be easy to modify this code to check the remote IP.
For others looking for a solution…
This worked for me:
https://github.com/jdelker/keycloak-conditional-authenticators
I am behind an nginx proxy, so I filter on X-Real-IP.
X-Real-IP: 192.168.1.[0-9]+
I didn’t see your reply before I posted the same thing Thanks for the help!
I think we hit submit at the exact same time. Glad it worked for you. I didn’t think of using the X-Real-IP
header directly with that authenticator.