I got my Keycloak 20.01 running in Quarkus.
It is running with an LB that is exposing the root path internally and only the recommended paths externally.
The LB is terminating the TLS connection and therefore Keycloak is set up with proxy=edge and http enabled.
We set the hostname and hostname-admin as well as hostname-strict-backchannel=true.
If I call the well-known/openid-configuration, the following values (not exhaustive) use the hostname-admin as their base URL:
token_endpoint
introspection_endpoint
userinfo_endpoint
jwks_uri
registration_endpoint
backchannel_authentication_endpoint
pushed_authorization_request_endpoint
As the hostname-admin is using our internal naming scheme, we would prefer not to publish it this openly.
How can I configure Keycloak so that it only uses the hostname in the well-known/openid-configuration?
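
A check for the behaviour described in the post above, as an added example that is not part of the original question: it walks a discovery document and reports every URL whose host differs from the public hostname. The hostnames and the realm name in the sample are constructed placeholders, not values from the post.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: hostnames and realm name are placeholders (assumptions).
PUBLIC_HOST = "sso.example.com"
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://sso.example.com/realms/demo",
    "authorization_endpoint": "https://sso.example.com/realms/demo/protocol/openid-connect/auth",
    "token_endpoint": "https://kc-admin.corp.internal/realms/demo/protocol/openid-connect/token",
    "jwks_uri": "https://kc-admin.corp.internal/realms/demo/protocol/openid-connect/certs",
    "mtls_endpoint_aliases": {
        "token_endpoint": "https://kc-admin.corp.internal/realms/demo/protocol/openid-connect/token"
    },
    "grant_types_supported": ["authorization_code"],
})


def iter_urls(node, path=""):
    """Yield (json_path, url) for every absolute http(s) URL in the document,
    including nested objects and arrays."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from iter_urls(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from iter_urls(value, f"{path}[{i}]")
    elif isinstance(node, str) and node.lower().startswith(("http://", "https://")):
        yield path, node


def foreign_hosts(discovery_json, public_host):
    """Return {json_path: host} for each URL not served from public_host."""
    findings = {}
    for path, url in iter_urls(json.loads(discovery_json)):
        host = (urlsplit(url).hostname or "").lower()
        if host != public_host.lower():
            findings[path] = host
    return findings


if __name__ == "__main__":
    # Prints one line per endpoint that advertises a non-public host.
    for path, host in sorted(foreign_hosts(SAMPLE_DISCOVERY, PUBLIC_HOST).items()):
        print(f"{path}: {host}")
```

Feed it the document fetched through the external LB path after each hostname-related configuration change; an empty result means no URL in the discovery document points away from the public hostname.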