keycloak-scim/server_admin/topics/realms/ssl.adoc

[[_ssl_modes]]

= Configuring SSL for a realm

Each realm has an associated SSL Mode, which defines the SSL/HTTPS requirements for interacting with the realm.
Browsers and applications that interact with the realm honor the SSL/HTTPS requirements defined by the SSL Mode or they cannot interact with the server.


.Procedure 

ifeval::[{project_product}==true]
. Click *Realm Settings* in the menu.
. Click the *Login* tab.
+
.Login tab
image:{project_images}/login-tab.png[Login tab]
endif::[]

ifeval::[{project_community}==true]
. Click *Realm settings* in the menu.
. Click the *General* tab.
+
.General tab
image:{project_images}/general-tab.png[General Tab]
endif::[]

. Set *Require SSL* to one of the following SSL modes:

ifeval::[{project_product}==true]
* *external requests*
endif::[]
ifeval::[{project_community}==true]
* *External requests*
endif::[]
  Users can interact with {project_name} without SSL so long as they stick to private IP addresses such as `localhost`, `127.0.0.1`, `10.x.x.x`, `192.168.x.x`, and `172.16.x.x`.
  If you try to access {project_name} without SSL from a non-private IP address, you will get an error.

ifeval::[{project_product}==true]
* *none*
endif::[]
ifeval::[{project_community}==true]
* *None*
endif::[]
  {project_name} does not require SSL.  This choice applies only in development when you are experimenting and do not plan to support this deployment.

ifeval::[{project_product}==true]
* *all requests*
endif::[]
ifeval::[{project_community}==true]
* *All requests*
endif::[]  
  {project_name} requires SSL for all IP addresses.
fixing cross-references, adding and changing attribute id's 2016-06-01 08:49:54 +00:00			`[[_ssl_modes]]`
realms 2016-05-13 14:41:36 +00:00
Converting Admin Console to Configuring Realms chapter including Realm Keys from Authentication chapter 2021-02-16 22:13:57 +00:00			`= Configuring SSL for a realm`
realms 2016-05-13 14:41:36 +00:00
Converting Admin Console to Configuring Realms chapter including Realm Keys from Authentication chapter 2021-02-16 22:13:57 +00:00			`Each realm has an associated SSL Mode, which defines the SSL/HTTPS requirements for interacting with the realm.`
			`Browsers and applications that interact with the realm honor the SSL/HTTPS requirements defined by the SSL Mode or they cannot interact with the server.`
realms 2016-05-13 14:41:36 +00:00

Converting Admin Console to Configuring Realms chapter including Realm Keys from Authentication chapter 2021-02-16 22:13:57 +00:00			`.Procedure`
realms 2016-05-13 14:41:36 +00:00
Updating Server Admin Guide for new Admin Console (#1626) Closes #1575 2022-07-26 15:50:24 +00:00			`ifeval::[{project_product}==true]`
			`. Click Realm Settings in the menu.`
Converting Admin Console to Configuring Realms chapter including Realm Keys from Authentication chapter 2021-02-16 22:13:57 +00:00			`. Click the Login tab.`
			`+`
admin-reuse -- Found one more Data Grid link to fix based on a separate PR. 2021-06-17 14:39:30 +00:00			`.Login tab`
			`image:{project_images}/login-tab.png[Login tab]`
Updating Server Admin Guide for new Admin Console (#1626) Closes #1575 2022-07-26 15:50:24 +00:00			`endif::[]`

			`ifeval::[{project_community}==true]`
			`. Click Realm settings in the menu.`
			`. Click the General tab.`
			`+`
			`.General tab`
			`image:{project_images}/general-tab.png[General Tab]`
			`endif::[]`
realms 2016-05-13 14:41:36 +00:00
Converting Admin Console to Configuring Realms chapter including Realm Keys from Authentication chapter 2021-02-16 22:13:57 +00:00			`. Set Require SSL to one of the following SSL modes:`
realms 2016-05-13 14:41:36 +00:00
Updating Server Admin Guide for new Admin Console (#1626) Closes #1575 2022-07-26 15:50:24 +00:00			`ifeval::[{project_product}==true]`
			`* external requests`
			`endif::[]`
			`ifeval::[{project_community}==true]`
			`* External requests`
			`endif::[]`
Converting Admin Console to Configuring Realms chapter including Realm Keys from Authentication chapter 2021-02-16 22:13:57 +00:00			Users can interact with {project_name} without SSL so long as they stick to private IP addresses such as `localhost`, `127.0.0.1`, `10.x.x.x`, `192.168.x.x`, and `172.16.x.x`.
			`If you try to access {project_name} without SSL from a non-private IP address, you will get an error.`
realms 2016-05-13 14:41:36 +00:00
Updating Server Admin Guide for new Admin Console (#1626) Closes #1575 2022-07-26 15:50:24 +00:00			`ifeval::[{project_product}==true]`
			`* none`
			`endif::[]`
			`ifeval::[{project_community}==true]`
			`* None`
			`endif::[]`
Converting Admin Console to Configuring Realms chapter including Realm Keys from Authentication chapter 2021-02-16 22:13:57 +00:00			`{project_name} does not require SSL. This choice applies only in development when you are experimenting and do not plan to support this deployment.`
Updating Server Admin Guide for new Admin Console (#1626) Closes #1575 2022-07-26 15:50:24 +00:00
			`ifeval::[{project_product}==true]`
			`* all requests`
			`endif::[]`
			`ifeval::[{project_community}==true]`
			`* All requests`
			`endif::[]`
			`{project_name} requires SSL for all IP addresses.`