Uploaded image for project: 'RH-SSO'
  1. RH-SSO
  2. RHSSO-2215

Keycloak support for environment variables

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Obsolete
    • Icon: Minor Minor
    • None
    • None
    • None
    • False
    • None
    • False
    • If Release Note Needed, Set a Value
    • Set a Value

      We might need to provide support for Keycloak dealing with environment variables in order to allow fine-grain and customizable configuration for Identity Broker, Clients, etc...

      Example use-case:

      • Identity Broker support for expression variables to allow multiple "Relative URLs"
      For example, a customer has 2 realms and wants to access them this way:

- The "realmA" and "realmB" are always running on same host-
- The host is accessible on different URLs like "alias1.foo.com" and "alias2.foo.com"
- When customer initiates login by access to "https://alias2.foo.com/auth/realms/b/account", then it wants that identity broker will also use "https://alias2.foo.com/auth/realms/realma/protocol/openid-connect/auth" . And vice-versa for "alias1.foo.com"

Keycloak currently doesn't support this use-case for identity brokering to work with "Relative URLs".
This would mean that the "Authorization Endpoint" for Identity provider will be specified with the value "/auth/realms/realmA/protocol/openid-connect/auth" . Keycloak will then translate this "relative URL" in runtime according to used host.

              Unassigned Unassigned
              rhn-support-igueye Issa Gueye
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: