keycloak-scim/docs/documentation/server_admin/topics/realms/ssl.adoc

[[_ssl_modes]]

= Configuring SSL for a realm

Each realm has an associated SSL Mode, which defines the SSL/HTTPS requirements for interacting with the realm.
Browsers and applications that interact with the realm honor the SSL/HTTPS requirements defined by the SSL Mode or they cannot interact with the server.


.Procedure 

. Click *Realm settings* in the menu.
. Click the *General* tab.
+
.General tab
image:images/general-tab.png[General Tab]

. Set *Require SSL* to one of the following SSL modes:

* *External requests*
  Users can interact with {project_name} without SSL so long as they stick to private IPv4 addresses such as `localhost`, `127.0.0.1`, `10.x.x.x`, `192.168.x.x`, `172.16.x.x` or IPv6 link-local and unique-local addresses.
  If you try to access {project_name} without SSL from a non-private IP address, you will get an error.

* *None*
  {project_name} does not require SSL.  This choice applies only in development when you are experimenting and do not plan to support this deployment.

* *All requests*
  {project_name} requires SSL for all IP addresses.
fixing cross-references, adding and changing attribute id's 2016-06-01 08:49:54 +00:00			`[[_ssl_modes]]`
realms 2016-05-13 14:41:36 +00:00
Converting Admin Console to Configuring Realms chapter including Realm Keys from Authentication chapter 2021-02-16 22:13:57 +00:00			`= Configuring SSL for a realm`
realms 2016-05-13 14:41:36 +00:00
Converting Admin Console to Configuring Realms chapter including Realm Keys from Authentication chapter 2021-02-16 22:13:57 +00:00			`Each realm has an associated SSL Mode, which defines the SSL/HTTPS requirements for interacting with the realm.`
			`Browsers and applications that interact with the realm honor the SSL/HTTPS requirements defined by the SSL Mode or they cannot interact with the server.`
realms 2016-05-13 14:41:36 +00:00

Converting Admin Console to Configuring Realms chapter including Realm Keys from Authentication chapter 2021-02-16 22:13:57 +00:00			`.Procedure`
realms 2016-05-13 14:41:36 +00:00
Updating Server Admin Guide for new Admin Console (#1626) Closes #1575 2022-07-26 15:50:24 +00:00			`. Click Realm settings in the menu.`
			`. Click the General tab.`
			`+`
			`.General tab`
Preparing Server Admin Guide for RHBK (#1690) Closes #1688 2022-10-05 18:43:15 +00:00			`image:images/general-tab.png[General Tab]`
realms 2016-05-13 14:41:36 +00:00
Converting Admin Console to Configuring Realms chapter including Realm Keys from Authentication chapter 2021-02-16 22:13:57 +00:00			`. Set Require SSL to one of the following SSL modes:`
realms 2016-05-13 14:41:36 +00:00
Updating Server Admin Guide for new Admin Console (#1626) Closes #1575 2022-07-26 15:50:24 +00:00			`* External requests`
Allow requests from local IPv6 addresses If administrator selects EXTERNAL for Require SSL setting, allow clear-text HTTP requests when client is coming from IPv6 link-local or unique local address (ULA). Previously only private IPv4 addresses were allowed and private IPv6 addresses were rejected. Closes #30678 Signed-off-by: Tero Saarni <tero.saarni@est.tech> 2024-08-05 14:38:55 +00:00			Users can interact with {project_name} without SSL so long as they stick to private IPv4 addresses such as `localhost`, `127.0.0.1`, `10.x.x.x`, `192.168.x.x`, `172.16.x.x` or IPv6 link-local and unique-local addresses.
Converting Admin Console to Configuring Realms chapter including Realm Keys from Authentication chapter 2021-02-16 22:13:57 +00:00			`If you try to access {project_name} without SSL from a non-private IP address, you will get an error.`
realms 2016-05-13 14:41:36 +00:00
Updating Server Admin Guide for new Admin Console (#1626) Closes #1575 2022-07-26 15:50:24 +00:00			`* None`
Converting Admin Console to Configuring Realms chapter including Realm Keys from Authentication chapter 2021-02-16 22:13:57 +00:00			`{project_name} does not require SSL. This choice applies only in development when you are experimenting and do not plan to support this deployment.`
Updating Server Admin Guide for new Admin Console (#1626) Closes #1575 2022-07-26 15:50:24 +00:00
			`* All requests`
			`{project_name} requires SSL for all IP addresses.`