Is it possible to have a wildcard in an issuer URL? I see lots of information about wildcards in redirect URLs, but nothing about issuers. Basically, we'd like to accept issuers something like this: *.auth.company.com where those would match server1.auth.company.com and server2.auth.company.com.
I can see some obvious security downsides to doing things this way, but at the same time, if we have someone on the other side of the firewall messing with DNS, then we already have big issues. In any case, it's not my decision on how this will ultimately get implemented.
Part of the problem with wildcards in redirect URLs is it wouldn't work anyway per https://issues.redhat.com/browse/KEYCLOAK-14071
Does anybody have thoughts on this? Do we just need something sitting in front of the Keycloak servers? I would think there could be latency issues with servers all over the globe, but I haven't thought through that scenario completely.
Thanks!
Doug
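
An added example, not part of the original post and not Keycloak code: one way a token-validating service could apply the `*.auth.company.com` rule to the `iss` claim strictly, so that the wildcard covers exactly one host label and nothing else in the URL. The realm path `/realms/example` and the function name `issuer_allowed` are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Pattern from the post: exactly one host label in front of this suffix.
ISSUER_SUFFIX = "auth.company.com"
# Assumed realm path (hypothetical); the post does not name one.
ISSUER_PATH = "/realms/example"


def issuer_allowed(iss):
    """True only for https://<one-label>.auth.company.com/realms/example."""
    if not isinstance(iss, str):
        return False
    # Printable ASCII only: urlsplit silently drops tabs and newlines,
    # so reject them before parsing instead of after.
    if any(ord(c) <= 0x20 or ord(c) > 0x7E for c in iss):
        return False
    try:
        parts = urlsplit(iss)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or parts.query or parts.fragment:
        return False
    # No userinfo and no explicit port: "https://good-host@other-host/" must fail.
    if parts.username is not None or parts.password is not None or port is not None:
        return False
    if parts.path != ISSUER_PATH:
        return False
    host = (parts.hostname or "").lower()
    # Split off the first label; everything after it must equal the suffix,
    # which rejects nested subdomains, look-alike suffixes and trailing dots.
    label, dot, rest = host.partition(".")
    if not dot or rest != ISSUER_SUFFIX:
        return False
    # The wildcarded label must be a plain letters-digits-hyphen label.
    return (label.replace("-", "").isalnum()
            and not label.startswith("-")
            and not label.endswith("-"))
```

A check like this only decides whether an issuer string is acceptable; the token's signature still has to verify against keys that belong to that specific issuer.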