We have a Vault instance that’s accessible from multiple different private networks. We use Keycloak for authentication and want the OIDC discovery URL to route the user to the correct Keycloak, based on where they accessed our Vault from, for example:
https://vault.network1.company.com would auth with the network1 Keycloak
while
https://vault.network2.company.com would auth with the network2 Keycloak
The users who access Vault via network1 can’t access the network2 Keycloak (and vice versa).
I’ve done some searching and I don’t think this is possible. Does anyone have a solution?