Internal URLs access for RH-SSO adapters

Solution Verified - Updated -

Issue

  • How to configure an adapter to communicate to the RH-SSO server when hostname is different for external users and internal adapters.

  • The RH-SSO server and adapters are located in the internal network but final users access an external name which is different. How is this setup configured?

  • An adapter configured to communicate to the internal name of the RH-SSO server does not validate the tokens:

    Failed to verify token: org.keycloak.common.VerificationException: Invalid token issuer. Expected 'http<s>://<internal-name>:<internal-port>/auth/realms/<realm>', but was 'http<s>://<external-name>:</external-port>/auth/realms/<realm>'
    

Environment

  • Red Hat Single Sign On (RH-SSO)
    • 7

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content