Not sure if this is related to oauth2-client-bundle or only to stevenmaguire/oauth2-keycloak, but for the sake of resolving the issue, I'll post here as well.
I'm using the above-mentioned lib to authenticate with Keycloak. I configured the auth-server-url, realm, client etc. and everything works fine.
But if I have multiple domain names (e.g. DomainA and DomainB) pointing to the same Keycloak server, and depending on some circumstances I redirect users to log in to either DomainA or DomainB -- all the tokens (i.e. user logins) generated on the second domain DomainB will be rejected, as DomainA was used to set auth-server-url.
Basically, Keycloak uses the URL to set the iss claim in the token, and if this is different than auth-server-url, the secured application will deny the token.
Is there a workaround? How can I define multiple valid issuers, i.e. auth servers?
Related issue: stevenmaguire/oauth2-keycloak/issues/45
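An added example, not part of the original issue and not code from oauth2-client-bundle or stevenmaguire/oauth2-keycloak: one way a secured application can accept several issuers is an exact-match allowlist on the iss claim, checked only after the token signature has been verified. The helper names, the hostnames and the realm "demo" are constructed, and the issuer format `<base URL>/realms/<realm>` is an assumption.

```php
<?php
declare(strict_types=1);
// Added example. Helper names, hostnames and the realm "demo" are constructed.
// Assumes the token signature was already verified against the realm keys.

/** Decode the payload segment of a compact JWT. Does NOT verify the signature. */
function jwtClaims(string $jwt): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('not a compact JWT');
    }
    $b64 = strtr($parts[1], '-_', '+/');                  // base64url -> base64
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);  // restore padding
    $json = base64_decode($b64, true);
    if ($json === false) {
        throw new InvalidArgumentException('payload is not base64url');
    }
    $claims = json_decode($json, true, 16, JSON_THROW_ON_ERROR);
    if (!is_array($claims)) {
        throw new InvalidArgumentException('payload is not a JSON object');
    }
    return $claims;
}

/** True only if iss is exactly one of the configured issuer URLs. */
function issuerAllowed(array $claims, array $allowedIssuers): bool
{
    $iss = $claims['iss'] ?? null;
    // Exact, case-sensitive match: no prefix, substring or regex comparison,
    // so a host that merely starts with an allowed name is not accepted.
    return is_string($iss) && in_array($iss, $allowedIssuers, true);
}

/** Build a sample token with a placeholder signature (constructed demo input). */
function sampleToken(string $iss): string
{
    $enc = fn(string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
    return $enc('{"alg":"RS256"}') . '.' . $enc(json_encode(['iss' => $iss])) . '.sig';
}

$allowed = [
    'https://domaina.example/auth/realms/demo',
    'https://domainb.example/auth/realms/demo',
];
foreach ([...$allowed, 'https://domaina.example.other.test/auth/realms/demo'] as $iss) {
    $ok = issuerAllowed(jwtClaims(sampleToken($iss)), $allowed);
    printf("%-55s %s\n", $iss, $ok ? 'accepted' : 'rejected');
}
```

The allowlist should contain only hostnames that front the same realm, since every entry is trusted as much as the original auth-server-url.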