keycloak-scim/server_admin/topics/realms/ssl.adoc

53 lines
1.9 KiB
Text
Raw Normal View History

[[_ssl_modes]]
2016-05-13 14:41:36 +00:00
= Configuring SSL for a realm
2016-05-13 14:41:36 +00:00
Each realm has an associated SSL Mode, which defines the SSL/HTTPS requirements for interacting with the realm.
Browsers and applications that interact with the realm honor the SSL/HTTPS requirements defined by the SSL Mode or they cannot interact with the server.
2016-05-13 14:41:36 +00:00
2019-01-24 02:03:20 +00:00
WARNING: {project_name} generates a self-signed certificate the first time it runs. Please note that self-signed certificates are not secure, and should only be used for testing purposes. It is highly recommended that you install a CA-signed certificate on the {project_name} server itself or on a reverse proxy in front of the {project_name} server. See the link:{installguide_link}[{installguide_name}].
2016-05-13 14:41:36 +00:00
.Procedure
2016-05-13 14:41:36 +00:00
ifeval::[{project_product}==true]
. Click *Realm Settings* in the menu.
. Click the *Login* tab.
+
.Login tab
image:{project_images}/login-tab.png[Login tab]
endif::[]
ifeval::[{project_community}==true]
. Click *Realm settings* in the menu.
. Click the *General* tab.
+
.General tab
image:{project_images}/general-tab.png[General Tab]
endif::[]
2016-05-13 14:41:36 +00:00
. Set *Require SSL* to one of the following SSL modes:
2016-05-13 14:41:36 +00:00
ifeval::[{project_product}==true]
* *external requests*
endif::[]
ifeval::[{project_community}==true]
* *External requests*
endif::[]
Users can interact with {project_name} without SSL so long as they stick to private IP addresses such as `localhost`, `127.0.0.1`, `10.x.x.x`, `192.168.x.x`, and `172.16.x.x`.
If you try to access {project_name} without SSL from a non-private IP address, you will get an error.
2016-05-13 14:41:36 +00:00
ifeval::[{project_product}==true]
* *none*
endif::[]
ifeval::[{project_community}==true]
* *None*
endif::[]
{project_name} does not require SSL. This choice applies only in development when you are experimenting and do not plan to support this deployment.
ifeval::[{project_product}==true]
* *all requests*
endif::[]
ifeval::[{project_community}==true]
* *All requests*
endif::[]
{project_name} requires SSL for all IP addresses.