Multiple frontend URLs


I have an application running on Wildfly that needs to be accessible to external users over the Internet (using a DNS name) and to internal users using only internal (private) IP addresses. I have a reverse proxy (haproxy) in front of both the application and the Keycloak instance. Is such a configuration possible?

I’ve found out that by default, the authentication URL hosted by Keycloak uses the auth-server-url value configured in the client, meaning that it works only for one type of client (if auth-server-url uses the DNS name, it will not be accessible to internal clients who can’t resolve DNS; if I put the private IP address there, Internet clients will not be able to access it). I can rewrite the redirect URLs at the haproxy level, but I get the following error: “failed verification of token: Invalid token issuer. Expected ‘http:///auth/realms/sample’, but was ‘http:///auth/realms/sample’”.
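The issuer mismatch described in the post, as an added example that is not part of the original post and is not Keycloak's or the adapter's code: a small model of why rewriting the redirect URL at the proxy does not change the `iss` claim the client later checks. The hostnames `sso.example.com` and `10.0.0.5`, all function names, and the premise that the server derives the issuer from the URL it was reached on are assumptions of this sketch.

```python
import base64
import json

EXTERNAL = "http://sso.example.com/auth"  # constructed placeholder (DNS name)
INTERNAL = "http://10.0.0.5/auth"         # constructed placeholder (private IP)

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_token(issuer: str) -> str:
    """Constructed, unsigned sample token; a real token is signed by the realm key."""
    header = _b64url(json.dumps({"alg": "none"}).encode())
    payload = _b64url(json.dumps({"iss": issuer, "sub": "user1"}).encode())
    return f"{header}.{payload}."

def token_issuer(token: str) -> str:
    """Read the iss claim from the payload segment."""
    seg = token.split(".")[1]
    padded = seg + "=" * (-len(seg) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))["iss"]

def expected_issuer(auth_server_url: str, realm: str) -> str:
    """Issuer the client expects, built from its configured auth-server-url."""
    return f"{auth_server_url.rstrip('/')}/realms/{realm}"

def check_issuer(token: str, auth_server_url: str, realm: str):
    """Issuer comparison only; signature and expiry checks are out of scope here."""
    expected, actual = expected_issuer(auth_server_url, realm), token_issuer(token)
    if actual != expected:
        return False, f"Invalid token issuer. Expected '{expected}', but was '{actual}'"
    return True, "ok"

def rewrite_redirect(url: str, old_base: str, new_base: str) -> str:
    """Proxy-level rewrite: changes the URL the browser follows, not the token."""
    return url.replace(old_base, new_base, 1)

def internal_login(realm: str = "sample"):
    """Client configured with EXTERNAL; internal user is rewritten to INTERNAL."""
    login = f"{EXTERNAL}/realms/{realm}/protocol/openid-connect/auth"
    followed = rewrite_redirect(login, EXTERNAL, INTERNAL)
    # Assumption: the server stamps iss from the base URL it was reached on.
    token = make_token(followed.split("/protocol/")[0])
    return followed, check_issuer(token, EXTERNAL, realm)

if __name__ == "__main__":
    print(internal_login())
    print(check_issuer(make_token(expected_issuer(EXTERNAL, "sample")), EXTERNAL, "sample"))
```

The issuer is part of the signed token, so the only place it can be made consistent is where the token is issued or where the expected value is configured, not in a proxy rewrite of the redirect.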