keycloak-scim/server_admin/topics/realms/ssl.adoc

28 lines
1.5 KiB
Text
Raw Normal View History

[[_ssl_modes]]
2016-05-13 14:41:36 +00:00
=== SSL Mode
Each realm has an SSL Mode associated with it. The SSL Mode defines the SSL/HTTPS requirements for interacting with the realm.
Browsers and applications that interact with the realm must honor the SSL/HTTPS requirements defined by the SSL Mode or they
will not be allowed to interact with the server.
2019-01-24 02:03:20 +00:00
WARNING: {project_name} generates a self-signed certificate the first time it runs. Please note that self-signed certificates are not secure, and should only be used for testing purposes. It is highly recommended that you install a CA-signed certificate on the {project_name} server itself or on a reverse proxy in front of the {project_name} server. See the link:{installguide_link}[{installguide_name}].
2016-05-13 14:41:36 +00:00
To configure the SSL Mode of your realm, you need to click on the `Realm Settings` left menu item and go to the `Login` tab.
.Login Tab
2017-08-28 12:50:14 +00:00
image:{project_images}/login-tab.png[]
2016-05-13 14:41:36 +00:00
The `Require SSL` option allows you to pick the SSL Mode you want. Here is an explanation of each mode:
external requests::
Users can interact with {project_name} without SSL so long as they stick to private IP addresses like `localhost`, `127.0.0.1`, `10.x.x.x`, `192.168.x.x`, and `172.16.x.x`.
If you try to access {project_name} without SSL from a non-private IP address you will get an error.
2016-05-13 14:41:36 +00:00
none::
2017-08-28 12:50:14 +00:00
{project_name} does not require SSL. This should really only be used in development when you are playing around with things and don't want to bother
2016-05-13 14:41:36 +00:00
configuring SSL on your server.
2016-12-01 22:17:15 +00:00
all requests::
2017-08-28 12:50:14 +00:00
{project_name} requires SSL for all IP addresses.