Details

    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      What:
      Add ability to map a complete realm URL to a custom URL.
      e.g.
      instead of: https://sso.example.com/auth/realms/awesome-realm
      to just: https://sso.example.com/

      Currently, with version 8.0.0, it is only possible to achieve the following with basic configuration:
      https://sso.example.com/realms/awesome-realm

      Even if you hide and rewrite the path(s) behind a reverse proxy, one needs to rewrite the response body (UI, OIDC JSON body, etc.), headers (redirects), cookie paths and so on.
      Even after rewriting all paths, it is not possible to change the issuer information inside a JWT token, which will always have the path /realms/<realm> attached to the end of it.

      Why:
      1 - The realms/<realm> path instantly suggests that the system is using Keycloak.
      a - It is unlikely, but this may be a vulnerability for a system which is using Keycloak, if it is known to the outside world that the system uses Keycloak and Keycloak has a known vulnerability.
      b - Sharing the tech stack of a system with the outside world is generally not preferred.
      2 - Shorter, fully customizable URLs can be provided, and with custom themes on the UI the product is fully customizable for consumers.

      How:
      1 - There is already a configuration in the realm settings to set the front-end URL; with a checkbox one can configure whether this URL should override the entire realm/issuer URL.
      2 - If the checkbox is not selected (default), the system behaves as it is behaving now.
      3 - If the checkbox is selected, then the system overrides all URLs of the realm with the provided realm URL, including back-end URLs.
      4 - The Keycloak server can identify a realm for incoming requests by the unique front-end URL or domain.
      As an alternative:
      1 - In the realm settings there might be a field to set a custom unique realm path.
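
The limitation described under "What" can be reproduced offline. The following is an added example, not part of the original issue and not Keycloak code: it shows that a proxy which rewrites `iss` inside a signed token invalidates the signature, and lists which discovery fields still carry the realm path. Assumptions: HS256 with a constructed key stands in for the server's real signing key, and the discovery document is a constructed four-field sample.

```python
import base64, hashlib, hmac, json

REALM_ISS = "https://sso.example.com/auth/realms/awesome-realm"  # URL from the issue
PUBLIC_URL = "https://sso.example.com/"                          # desired custom URL
KEY = b"constructed-demo-key"  # assumption: HS256 stands in for the real signing key

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict, key: bytes = KEY) -> str:
    head = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64u(mac)}"

def verify(token: str, key: bytes = KEY) -> bool:
    head, body, sig = token.split(".")
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(b64u(mac), sig)

def issuer(token: str) -> str:
    return json.loads(b64u_dec(token.split(".")[1]))["iss"]

def proxy_rewrite_token(token: str, new_iss: str) -> str:
    """What a body-rewriting proxy would have to do: edit iss, keep the signature."""
    head, body, sig = token.split(".")
    claims = json.loads(b64u_dec(body))
    claims["iss"] = new_iss
    return f"{head}.{b64u(json.dumps(claims).encode())}.{sig}"

def realm_path_fields(doc: dict, marker: str = "/realms/") -> list:
    """Discovery-document fields that still expose the realm path."""
    return sorted(k for k, v in doc.items() if isinstance(v, str) and marker in v)

# Constructed discovery document, trimmed to four fields.
DISCOVERY = {
    "issuer": REALM_ISS,
    "authorization_endpoint": REALM_ISS + "/protocol/openid-connect/auth",
    "token_endpoint": REALM_ISS + "/protocol/openid-connect/token",
    "jwks_uri": REALM_ISS + "/protocol/openid-connect/certs",
}

if __name__ == "__main__":
    token = sign({"iss": REALM_ISS, "sub": "constructed-user"})
    rewritten = proxy_rewrite_token(token, PUBLIC_URL)
    print(verify(token), issuer(token))          # original token verifies
    print(verify(rewritten), issuer(rewritten))  # rewritten token does not
    print(realm_path_fields(DISCOVERY))
```

A relying party that validates tokens will reject the rewritten one, which is why the issuer has to be changed where the token is signed rather than at the proxy.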

              People

              • Assignee:
                Unassigned
                Reporter:
                canayozel Canay Özel