Flow condition based on User IP

adamboutcher · June 9, 2022, 1:11pm

Does anyone know how to add a flow condition based on the users remote ip address?

xgp · June 9, 2022, 2:10pm

You would need to implement your own ConditionalAuthenticator. There is nothing built-in that does it. However, here is an example of someone who created one that matches a request header value. GitHub - jdelker/keycloak-conditional-authenticators: Keycloak Authenticator to be used as a condition for matching against request headers It would likely be easy to modify this code to check the remote IP.

adamboutcher · June 9, 2022, 2:11pm

For others looking for a solution…

This worked for me:
https://github.com/jdelker/keycloak-conditional-authenticators

I am behind an nginx proxy, so I filter on X-Real-IP.

X-Real-IP: 192.168.1.[0-9]+

adamboutcher · June 9, 2022, 2:49pm

I didn’t see your reply before I posted the same thing Thanks for the help!

xgp · June 9, 2022, 2:54pm

I think we hit submit at the exact same time. Glad it worked for you. I didn’t think of using the X-Real-IP header directly with that authenticator.

Topic		Replies	Views
Conditional OTP Form Header check not working	2	1119	January 14, 2021
Real IP address of client Configuring the server	4	3825	February 13, 2023
Invalid_code when authenticating through reverse proxy Configuring the server authentication	3	3658	August 13, 2020
Client ip address fetching Getting advice authentication , oidc	1	1080	March 3, 2022
Using a test server Keycloak instance from 127.0.0.1 Getting advice	0	445	February 16, 2022

Flow condition based on User IP

Related Topics