Invalid token - invalid issuer when logging in with Keycloak

Also posted as: Issuer - token invalid · Issue #11584 · keycloak/keycloak · GitHub

I’m having an issue with a secured microservice denying access and returning “Token invalid” because of the issuer.

I’ve checked out the motivation and resolutions of frontend-url and back-channel URL, and also all the setups with reverse proxies etc., but I still find myself without an easy solution.

My problem isn’t that I invoke different URLs from my frontend, or backend/internal cluster, but it is that I have two different domains pointing to the same Keycloak server.

Say I have a secured microservice and, depending on some circumstances, I redirect users to either domain A or B. Now, the secured microservice is configured with the A domain as auth server URL, causing all the tokens from B to be invalid, as the issuer is invalid.

Can I actually make use of the existing enhancements that touch on this, or can I find a workaround?

Can I set the issuer explicitly in my realm configuration, or set two auth server URLs on the client?

Any other ideas and workarounds for this setup?
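
The issuer mismatch described in the post above, as an added example (not part of the original post and not Keycloak adapter code): a minimal resource-server check that verifies the signature and then compares `iss` against an explicit set of exact issuer strings. The two domains, the key, the use of HS256 (Keycloak signs with RS256 by default) and all function names are assumptions made so the example runs offline.

```python
import base64
import hashlib
import hmac
import json

# All values below are constructed for this example.
KEY = b"constructed-demo-key"  # assumption: HS256 so the example needs no RSA library
ISSUER_A = "https://a.example.com/realms/demo"
ISSUER_B = "https://b.example.com/realms/demo"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input: str) -> bytes:
    return hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()


def make_token(issuer: str) -> str:
    """Build a constructed token whose iss claim is the given URL."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"iss": issuer, "sub": "user-1"}).encode())
    return f"{header}.{payload}.{b64url(sign(f'{header}.{payload}'))}"


def verify(token: str, allowed_issuers: frozenset) -> dict:
    """Verify the signature, then require an exact match on iss."""
    header, payload, signature = token.split(".")
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("Token invalid: unexpected alg")
    if not hmac.compare_digest(sign(f"{header}.{payload}"), b64url_decode(signature)):
        raise ValueError("Token invalid: bad signature")
    claims = json.loads(b64url_decode(payload))
    issuer = claims.get("iss")
    # Exact string comparison: scheme, host, path and trailing slash all count.
    if not isinstance(issuer, str) or issuer not in allowed_issuers:
        raise ValueError(f"Token invalid: invalid issuer {issuer!r}")
    return claims
```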