We have keycloak behind reverse proxy. Now I would like admin console to only be accessible by internal IP (as suggested in the docs). So we set following variables when starting keycloak (sorry for the blank spaces - can’t paste links):
frontendUrl = https :// my . reverse-proxy . org /auth
adminUrl = http :// 10.10.10.10 :8888 /auth
proxy_address_forwarding = true (using docker image if it matters)
When starting keycloak, logs show that variables are correctly set:
[org.keycloak.url.DefaultHostnameProviderFactory] Frontend: https :// my . reverse-proxy . org /auth, Admin: http :// 10.10.10.10 :8888 /auth, Backend: request
However in this setup, when I navigate to http :// 10.10.10.10 :8888 /auth/admin, I am redirected to https :// my . reverse-proxy. org /auth/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=http :// 10.10.10.10: 8888 /auth/admin/master/console&…
How do I tell keycloak that I should be redirected to internal IP, and not the configured frontendUrl? Feels like I’m missing something, but I tried every single combination and still out of luck.