Different url or port for admin console access

[Emma Richardson]

I was having issues with people not being able to get to my login server with the default ports so I switched them to use 80 and 443.  However, I am not comfortable with the default keycloak screen with admin console access being on a standard port - is there anyway to switch so that just the main page is on a different port but the clients still use the 80 and 443 ports?

[Emma Richardson]

Or limit access to it from a specific ip range - there used to be instructions for the pre Quarkus version but there is nothing for the latest version...

[Tony Wu]

This was a concern for us as well. What we do is we used a proxy to deny access based on URI and IP. For example:

• If source IP includes legit CIDRs (vpn, office NAT, etc.), allows everything.
• If URI includes /realms/master/* or /admin/* forward to /errors.
  
• If URI includes query string key = "client_id" and value = "security-admin-console" (basically trying to catch client_id=security-admin-console in URI), forward to /errors.
  
• Catch all and allows pass through.

[Jon Koops]

I'd recommend reading:

- https://www.keycloak.org/server/hostname
- https://www.keycloak.org/server/reverseproxy

--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/fd479ac8-04dc-4fba-b862-be2f0627cba3n%40googlegroups.com.

[sunil kumar]

Dear Jon Koops,

Its nice to hear from you, I'm trying your suggestions, if you get a time please find attached yaml file with this mail, currently I'm using it for deployment, I made following changes 

 type: ClusterIP 

added environment variables as explained in the link (https://www.keycloak.org/server/hostname), please provide your suggestion on "args " section, how do I start the service on 8081 (any port ) port and URI - admin console /admin , /keycloak , /auth, etc .

Link I'm referring :

https://www.keycloak.org/getting-started/getting-started-kube

https://www.keycloak.org/server/all-config

https://www.keycloak.org/server/features

Best Regards

Sunil

To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/CAEdmLYGa9%3D3E%3DcB5zsnASNMQwb5WG9C%2BcVOOtxyJt%3D75Mm84_Q%40mail.gmail.com.