Enhance documentation regarding edge termination (#30170)

Closes #29665

Signed-off-by: Michael Warnecke <WarneckeMichael@web.de>
MWarnecke 2024-06-10 09:47:20 +02:00 committed by GitHub
parent d29dbf0f7a
commit 0c6558612f
GPG key ID: B5690EEEBB952194
8 changed files with 17 additions and 8 deletions

@ -29,6 +29,8 @@ If this header is incorrectly configured, rogue clients can set this header and
NOTE: When using the `xforwarded` setting, the `X-Forwarded-Port` takes precedence over any port included in the `X-Forwarded-Host`. NOTE: When using the `xforwarded` setting, the `X-Forwarded-Port` takes precedence over any port included in the `X-Forwarded-Host`.
NOTE: If the TLS connection is terminated at the reverse proxy (edge termination), enabling HTTP through the http-enabled setting is required.
== Proxy modes == Proxy modes
NOTE: The support for setting proxy modes is deprecated and will be removed in a future {project_name} release. Consider configuring accepted reverse proxy headers instead as described in the chapter above. For migration instructions consult the https://www.keycloak.org/docs/latest/upgrading/index.html#deprecated-proxy-option[Upgrading Guide]. NOTE: The support for setting proxy modes is deprecated and will be removed in a future {project_name} release. Consider configuring accepted reverse proxy headers instead as described in the chapter above. For migration instructions consult the https://www.keycloak.org/docs/latest/upgrading/index.html#deprecated-proxy-option[Upgrading Guide].
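
Review bot: The added NOTE on edge termination names the http-enabled setting in plain text, while the NOTE directly above it formats `xforwarded` and `X-Forwarded-Port` as code; write it as `http-enabled` so the option name stands out the same way. Because this note tells operators to turn on plain HTTP, it should also say in the same place that the HTTP listener is meant for the hop between the reverse proxy and the server and should be reachable only from that proxy. The context of this hunk already warns that rogue clients can set the forwarded header, and an HTTP port that clients can reach directly is the path by which they would do so.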

@ -1,6 +1,7 @@
package org.keycloak.config; package org.keycloak.config;
import java.util.Set; import java.util.List;
import java.util.TreeSet;
public class ProxyOptions { public class ProxyOptions {
@ -39,7 +40,7 @@ public class ProxyOptions {
.category(OptionCategory.PROXY) .category(OptionCategory.PROXY)
.description("The proxy address forwarding mode if the server is behind a reverse proxy.") .description("The proxy address forwarding mode if the server is behind a reverse proxy.")
.defaultValue(Mode.none) .defaultValue(Mode.none)
.deprecated(Set.of(PROXY_HEADERS.getKey())) .deprecated(new TreeSet<>(List.of(PROXY_HEADERS.getKey(), HttpOptions.HTTP_ENABLED.getKey())))
.build(); .build();
public static final Option<Boolean> PROXY_FORWARDED_HOST = new OptionBuilder<>("proxy-forwarded-host", Boolean.class) public static final Option<Boolean> PROXY_FORWARDED_HOST = new OptionBuilder<>("proxy-forwarded-host", Boolean.class)
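
Review bot: The switch from `Set.of(...)` to `new TreeSet<>(List.of(...))` in the `.deprecated(...)` call has no comment explaining that the sorted set is there to give a stable order. `Set.of` has no defined iteration order, and the help text changed in this commit prints the two keys as "http-enabled, proxy-headers", which is the sorted order. Add a one-line comment saying the order feeds the generated help output, or sort where the message is rendered, so that a later option deprecated with `Set.of` and more than one replacement does not produce help text whose order varies between runs.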

@ -236,7 +236,8 @@ Proxy:
--proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a --proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a
reverse proxy. Possible values are: none, edge, reencrypt, passthrough. reverse proxy. Possible values are: none, edge, reencrypt, passthrough.
Default: none. Use the following option instead: proxy-headers. Default: none. Use the following options instead: http-enabled,
proxy-headers.
--proxy-headers <headers> --proxy-headers <headers>
The proxy headers that should be accepted by the server. Misconfiguration The proxy headers that should be accepted by the server. Misconfiguration
might leave the server exposed to security vulnerabilities. Takes precedence might leave the server exposed to security vulnerabilities. Takes precedence
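
Review bot: The new sentence "Use the following options instead: http-enabled, proxy-headers." in the `--proxy` help lists `http-enabled` as a replacement for every mode, although the documentation note added in this same commit requires it only for edge termination. An operator migrating from `reencrypt` or `passthrough` could read this as an instruction to enable plain HTTP as well. Consider wording that scopes it, for example "proxy-headers (and http-enabled when TLS is terminated at the proxy)", and apply the same wording to the identical `--proxy` hunks in the other help files of this commit.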

@ -312,7 +312,8 @@ Proxy:
--proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a --proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a
reverse proxy. Possible values are: none, edge, reencrypt, passthrough. reverse proxy. Possible values are: none, edge, reencrypt, passthrough.
Default: none. Use the following option instead: proxy-headers. Default: none. Use the following options instead: http-enabled,
proxy-headers.
--proxy-headers <headers> --proxy-headers <headers>
The proxy headers that should be accepted by the server. Misconfiguration The proxy headers that should be accepted by the server. Misconfiguration
might leave the server exposed to security vulnerabilities. Takes precedence might leave the server exposed to security vulnerabilities. Takes precedence

@ -237,7 +237,8 @@ Proxy:
--proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a --proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a
reverse proxy. Possible values are: none, edge, reencrypt, passthrough. reverse proxy. Possible values are: none, edge, reencrypt, passthrough.
Default: none. Use the following option instead: proxy-headers. Default: none. Use the following options instead: http-enabled,
proxy-headers.
--proxy-headers <headers> --proxy-headers <headers>
The proxy headers that should be accepted by the server. Misconfiguration The proxy headers that should be accepted by the server. Misconfiguration
might leave the server exposed to security vulnerabilities. Takes precedence might leave the server exposed to security vulnerabilities. Takes precedence

@ -313,7 +313,8 @@ Proxy:
--proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a --proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a
reverse proxy. Possible values are: none, edge, reencrypt, passthrough. reverse proxy. Possible values are: none, edge, reencrypt, passthrough.
Default: none. Use the following option instead: proxy-headers. Default: none. Use the following options instead: http-enabled,
proxy-headers.
--proxy-headers <headers> --proxy-headers <headers>
The proxy headers that should be accepted by the server. Misconfiguration The proxy headers that should be accepted by the server. Misconfiguration
might leave the server exposed to security vulnerabilities. Takes precedence might leave the server exposed to security vulnerabilities. Takes precedence

@ -189,7 +189,8 @@ Proxy:
--proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a --proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a
reverse proxy. Possible values are: none, edge, reencrypt, passthrough. reverse proxy. Possible values are: none, edge, reencrypt, passthrough.
Default: none. Use the following option instead: proxy-headers. Default: none. Use the following options instead: http-enabled,
proxy-headers.
--proxy-headers <headers> --proxy-headers <headers>
The proxy headers that should be accepted by the server. Misconfiguration The proxy headers that should be accepted by the server. Misconfiguration
might leave the server exposed to security vulnerabilities. Takes precedence might leave the server exposed to security vulnerabilities. Takes precedence

@ -265,7 +265,8 @@ Proxy:
--proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a --proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a
reverse proxy. Possible values are: none, edge, reencrypt, passthrough. reverse proxy. Possible values are: none, edge, reencrypt, passthrough.
Default: none. Use the following option instead: proxy-headers. Default: none. Use the following options instead: http-enabled,
proxy-headers.
--proxy-headers <headers> --proxy-headers <headers>
The proxy headers that should be accepted by the server. Misconfiguration The proxy headers that should be accepted by the server. Misconfiguration
might leave the server exposed to security vulnerabilities. Takes precedence might leave the server exposed to security vulnerabilities. Takes precedence