Hello everyone!
I am happy to share my question with the Keycloak community!
I have set up Keycloak v26.5.2 with 2 separate hostnames:
- the public URL where the user is redirected to
- the internal admin URL where we (the vendor) have access to the API endpoints and the admin UI
This setup required the following changes in keycloak.conf:
- `proxy-headers=xforwarded`
- `hostname-backchannel-dynamic=true`
- `hostname-admin=https://auth.cloud:40443`
- `hostname=https://auth.io:40443`
I have also updated, in the Keycloak database, the `keycloak.realm_attribute` of `frontendUrl` of the master realm to match the admin URL https://auth.cloud:40443.
Please note that we have set up 2 Keycloak nodes, behind 2 nginx reverse proxies that are served by a central keepalived VIP on Linux.
This setup currently has the following behaviour:
- when the user accesses our web application, they are redirected to the public hostname for login. No issues, this works properly
- when the user tries to hit the root path of the public hostname, which is https://auth.io:40443, they are redirected to https://auth.cloud:40443/admin, which is not accessible because this DNS is resolved only internally for our internal communication. This is an issue because we would like to serve the admin URL to the user as well. We would like to give them access to manage their users in the Keycloak admin UI. But this is currently resolved only by us internally.
Could you please let me know, is this behaviour possible? We would like to keep accessing Keycloak using 2 separate hostnames as it is now, but allow the user to use the login and admin UI as well, while we internally should keep using the internal admin URL for the API endpoints and the backend.
Thank you for your time!
