  1. Keycloak
  2. KEYCLOAK-6984

Allow to define alternative jwt issuer name for a realm

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Minor
    • Resolution: Won't Do
    • Affects Version/s: 3.4.3.Final
    • Fix Version/s: None
    • Component/s: Protocol - OIDC
    • Labels:
      None
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      The issuer ("iss") claim of the JWT access_tokens is currently set to the invoked realm URL.
      The audience ("aud") claim values of the client_assertions are validated against the issuer name which, again, is the realm URL.

      It would be useful to allow the administrator to specify a logical JWT issuer name for a realm in order to make the issuer validation process independent from the public Keycloak instance URL.

              People

              • Assignee: Unassigned
              • Reporter: anpasq Andrea Pasqualini
              • Votes: 11
              • Watchers: 18
