Hello. I am setting up Keycloak for production, and would like to reduce attack vectors. I have read about exposing paths here.
That's good advice. I can easily block this on my AWS ALB (I have CloudFront + ALB + Traefik in front of my Keycloak).
But I’m a bit confused about the behaviour of the admin console.
For example, my domain is idp.example.com, then I configured --hostname-admin admin.idp.example.com.
But when I try going to the admin page, it redirects me to log in via the main page, master realm; after the login it takes me back to the admin. subdomain.
Is that expected? The master realm is still exposed to vector attack.
Thank you.