Enabling remote access to Keycloak

Question

I\'m using the Keycloak authorization server in order to manage my application permissions. However, I\'ve found out the standalone server can be accessed locally only.

Answer 1

The standalone Keycloak server runs on the top of a JBoss Wildfly instance and this server doesn't allow accessing it externally by default, for security reasons (it should be only for the administration console, but seems to affect every url in case of Keycloak). It has to be booted with the -b=0.0.0.0 option to enable it.

However, if your Wildfly is running on a remote machine and you try to access your administrative page through the network by it’s IP address or hostname, let’s say, at http://54.94.240.170:8080/, you will probably see a graceful This webpage is not available error, in another words, Wildfly said “No, thanks, I’m not allowing requests from another guys than the ones at my local machine”.

See also:

• Enable Wildfly remote access
• Wildfly remotely access administration console doesnt work

Answer 2

For anyone who happens by here now, I found this in the documentation for Keycloak 8:

Users can interact with Keycloak without SSL so long as they stick to private IP addresses like localhost, 127.0.0.1, 10.0.x.x, 192.168.x.x, and 172.16.x.x. If you try to access Keycloak without SSL from a non-private IP address you will get an error.

Answer 3

you can start keycloak server with this command

standalone.bat -b 0.0.0.0