Can't bind multi KC_HOSTNAME

[ly123-liu]

Describe the bug

keyclock version 17.0.0

service A/B use keycloak to login， we want service A/B user only see A/B 'self domain ,not keycloak domain , but keycloak use KC_HOSTNAME to define frontend domain, its seems when we use A to get keyclaok resource (in browser we see domain A ,not keycloak domain, we do that in nginx to get keycloak url: /auth/realms/xx can be reached with domain A/B) , always redirect to keycloak domain , why is that ,can't we use custom service domain in frontend keycloak ?

Request URL: https://keycloakdomain/auth/realms/xxx/login-actions/authenticate?session_code=ok_CBM-5OKhCh44v0CtYdRkHg_0QhsJPa8Ijat7fBdA&execution=4da01560-07b6-40f7-98a4-50ff6ee27463&client_id=xx&tab_id=tv7VnkENmjI

Version

17.0.0

Expected behavior

service A login in with keycloak use service A domain(in browser we see domain A)

Actual behavior

when we put username/password, keycloak login page redirect always to keycloak domain not client domain ,why is that

How to Reproduce?

nginx config:
server {
server_name test1.com;
location /auth/realms/ {
proxy_pass: http://keycloak;
}
location / {
proxy_pass: http://test1;
}
}

server {
server_name test2.com;
location /auth/realms/ {
proxy_pass: http://keycloak;
}
location / {
proxy_pass: http://test;
}
}

#keycloak admin domain
server {
server_name keycloak.com;
location / {
proxy_pass: http://keycloak;
}
}

Anything else?

No response

[stianst]

Keycloak itself can only have a single domain name by default. Reason for this is that it needs to know its URLs. You can create a custom hostname provider to overcome this, or you can configure different URLs for different realms.