Unfortunately, we localhost vs. 127.0.0.1 problem returned. This time, the problem is for the following case:

• jdoe uses localhost to create an offline token
• token/secret is added to a remote agent, which is configured to talk to 127.0.0.1 (or any other host)
• agent makes an http call to the backend, which determines that the host for the request is a synonym for the host on the offline token and verifies the token using the host from it
• token is approved, request continues
• Keycloak adapter refuses the request, saying that the issuer of the token is not the same as the realm's URL.

After talking with Marek, I think the best solution is to use http://localhost:8080/auth for the auth-server-url in the configuration file, adding to the installation steps a note about changing this.

Places that will need to be changed:

• keycloak.json on the UI
• standalone.xml for the backend components