libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

Enhance documentation regarding edge termination (#30170)

Browse source 
Closes #29665

Signed-off-by: Michael Warnecke <WarneckeMichael@web.de>
This commit is contained in:
MWarnecke 2024-06-10 09:47:20 +02:00 committed by GitHub
parent d29dbf0f7a
commit 0c6558612f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 17 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docs/guides/server/reverseproxy.adoc
View file

@ -29,6 +29,8 @@ If this header is incorrectly configured, rogue clients can set this header and
NOTE: When using the `xforwarded` setting, the `X-Forwarded-Port` takes precedence over any port included in the `X-Forwarded-Host`.
NOTE: If the TLS connection is terminated at the reverse proxy (edge termination), enabling HTTP through the http-enabled setting is required.
== Proxy modes
NOTE: The support for setting proxy modes is deprecated and will be removed in a future {project_name} release. Consider configuring accepted reverse proxy headers instead as described in the chapter above. For migration instructions consult the https://www.keycloak.org/docs/latest/upgrading/index.html#deprecated-proxy-option[Upgrading Guide].

5
quarkus/config-api/src/main/java/org/keycloak/config/ProxyOptions.java
View file

@ -1,6 +1,7 @@
package org.keycloak.config;
import java.util.Set;
import java.util.List;
import java.util.TreeSet;
public class ProxyOptions {
@ -39,7 +40,7 @@ public class ProxyOptions {
.category(OptionCategory.PROXY)
.description("The proxy address forwarding mode if the server is behind a reverse proxy.")
.defaultValue(Mode.none)
.deprecated(Set.of(PROXY_HEADERS.getKey()))
.deprecated(new TreeSet<>(List.of(PROXY_HEADERS.getKey(), HttpOptions.HTTP_ENABLED.getKey())))
.build();
public static final Option<Boolean> PROXY_FORWARDED_HOST = new OptionBuilder<>("proxy-forwarded-host", Boolean.class)

3
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.approved.txt vendored
View file

@ -236,7 +236,8 @@ Proxy:
--proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a
reverse proxy. Possible values are: none, edge, reencrypt, passthrough.
Default: none. Use the following option instead: proxy-headers.
Default: none. Use the following options instead: http-enabled,
proxy-headers.
--proxy-headers <headers>
The proxy headers that should be accepted by the server. Misconfiguration
might leave the server exposed to security vulnerabilities. Takes precedence

3
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.approved.txt vendored
View file

@ -312,7 +312,8 @@ Proxy:
--proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a
reverse proxy. Possible values are: none, edge, reencrypt, passthrough.
Default: none. Use the following option instead: proxy-headers.
Default: none. Use the following options instead: http-enabled,
proxy-headers.
--proxy-headers <headers>
The proxy headers that should be accepted by the server. Misconfiguration
might leave the server exposed to security vulnerabilities. Takes precedence

3
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.approved.txt vendored
View file

@ -237,7 +237,8 @@ Proxy:
--proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a
reverse proxy. Possible values are: none, edge, reencrypt, passthrough.
Default: none. Use the following option instead: proxy-headers.
Default: none. Use the following options instead: http-enabled,
proxy-headers.
--proxy-headers <headers>
The proxy headers that should be accepted by the server. Misconfiguration
might leave the server exposed to security vulnerabilities. Takes precedence

3
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.approved.txt vendored
View file

@ -313,7 +313,8 @@ Proxy:
--proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a
reverse proxy. Possible values are: none, edge, reencrypt, passthrough.
Default: none. Use the following option instead: proxy-headers.
Default: none. Use the following options instead: http-enabled,
proxy-headers.
--proxy-headers <headers>
The proxy headers that should be accepted by the server. Misconfiguration
might leave the server exposed to security vulnerabilities. Takes precedence

3
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.approved.txt vendored
View file

@ -189,7 +189,8 @@ Proxy:
--proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a
reverse proxy. Possible values are: none, edge, reencrypt, passthrough.
Default: none. Use the following option instead: proxy-headers.
Default: none. Use the following options instead: http-enabled,
proxy-headers.
--proxy-headers <headers>
The proxy headers that should be accepted by the server. Misconfiguration
might leave the server exposed to security vulnerabilities. Takes precedence

3
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.approved.txt vendored
View file

@ -265,7 +265,8 @@ Proxy:
--proxy <mode> DEPRECATED. The proxy address forwarding mode if the server is behind a
reverse proxy. Possible values are: none, edge, reencrypt, passthrough.
Default: none. Use the following option instead: proxy-headers.
Default: none. Use the following options instead: http-enabled,
proxy-headers.
--proxy-headers <headers>
The proxy headers that should be accepted by the server. Misconfiguration
might leave the server exposed to security vulnerabilities. Takes precedence