keycloak-scim/server_admin/topics/realms/ssl.adoc

[[_ssl_modes]]

= Configuring SSL for a realm

Each realm has an associated SSL Mode, which defines the SSL/HTTPS requirements for interacting with the realm.
Browsers and applications that interact with the realm honor the SSL/HTTPS requirements defined by the SSL Mode or they cannot interact with the server.

WARNING:  {project_name} generates a self-signed certificate the first time it runs.  Please note that self-signed certificates are not secure, and should only be used for testing purposes.  It is highly recommended that you install a CA-signed certificate on the {project_name} server itself or on a reverse proxy in front of the {project_name} server.  See the link:{installguide_link}[{installguide_name}].

.Procedure 
. Click *Realm Settings* in the menu.

. Click the *Login* tab.
+
.Login tab
image:{project_images}/login-tab.png[Login tab]

. Set *Require SSL* to one of the following SSL modes:

* external requests::
  Users can interact with {project_name} without SSL so long as they stick to private IP addresses such as `localhost`, `127.0.0.1`, `10.x.x.x`, `192.168.x.x`, and `172.16.x.x`.
  If you try to access {project_name} without SSL from a non-private IP address, you will get an error.

* none::
  {project_name} does not require SSL.  This choice applies only in development when you are experimenting and do not plan to support this deployment.
  
* all requests::
  {project_name} requires SSL for all IP addresses.
fixing cross-references, adding and changing attribute id's 2016-06-01 08:49:54 +00:00			`[[_ssl_modes]]`
realms 2016-05-13 14:41:36 +00:00
Converting Admin Console to Configuring Realms chapter including Realm Keys from Authentication chapter 2021-02-16 22:13:57 +00:00			`= Configuring SSL for a realm`
realms 2016-05-13 14:41:36 +00:00
Converting Admin Console to Configuring Realms chapter including Realm Keys from Authentication chapter 2021-02-16 22:13:57 +00:00			`Each realm has an associated SSL Mode, which defines the SSL/HTTPS requirements for interacting with the realm.`
			`Browsers and applications that interact with the realm honor the SSL/HTTPS requirements defined by the SSL Mode or they cannot interact with the server.`
realms 2016-05-13 14:41:36 +00:00
Update ssl.adoc 2019-01-24 02:03:20 +00:00			`WARNING: {project_name} generates a self-signed certificate the first time it runs. Please note that self-signed certificates are not secure, and should only be used for testing purposes. It is highly recommended that you install a CA-signed certificate on the {project_name} server itself or on a reverse proxy in front of the {project_name} server. See the link:{installguide_link}[{installguide_name}].`
realms 2016-05-13 14:41:36 +00:00
Converting Admin Console to Configuring Realms chapter including Realm Keys from Authentication chapter 2021-02-16 22:13:57 +00:00			`.Procedure`
			`. Click Realm Settings in the menu.`
realms 2016-05-13 14:41:36 +00:00
Converting Admin Console to Configuring Realms chapter including Realm Keys from Authentication chapter 2021-02-16 22:13:57 +00:00			`. Click the Login tab.`
			`+`
admin-reuse -- Found one more Data Grid link to fix based on a separate PR. 2021-06-17 14:39:30 +00:00			`.Login tab`
			`image:{project_images}/login-tab.png[Login tab]`
realms 2016-05-13 14:41:36 +00:00
Converting Admin Console to Configuring Realms chapter including Realm Keys from Authentication chapter 2021-02-16 22:13:57 +00:00			`. Set Require SSL to one of the following SSL modes:`
realms 2016-05-13 14:41:36 +00:00
Converting Admin Console to Configuring Realms chapter including Realm Keys from Authentication chapter 2021-02-16 22:13:57 +00:00			`* external requests::`
			Users can interact with {project_name} without SSL so long as they stick to private IP addresses such as `localhost`, `127.0.0.1`, `10.x.x.x`, `192.168.x.x`, and `172.16.x.x`.
			`If you try to access {project_name} without SSL from a non-private IP address, you will get an error.`
realms 2016-05-13 14:41:36 +00:00
Converting Admin Console to Configuring Realms chapter including Realm Keys from Authentication chapter 2021-02-16 22:13:57 +00:00			`* none::`
			`{project_name} does not require SSL. This choice applies only in development when you are experimenting and do not plan to support this deployment.`

			`* all requests::`
Convert documentation to AsciiDoctor 2017-08-28 12:50:14 +00:00			`{project_name} requires SSL for all IP addresses.`