libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

KEYCLOAK-19080 Simplify the RHSSO setup in an OpenShift Disconnected cluster (#1269)

Browse source
This commit is contained in:
Václav Muzikář 2021-11-10 11:56:11 +01:00 committed by GitHub
parent 0a0d802f1a
commit 163d79e0d0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 51 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
server_installation/topics/network/outgoing.adoc
View file

@ -135,6 +135,46 @@ Note that one needs to encode `"` characters with `\"`.
</spi>
----
[[_proxy_env_vars]]
==== Using standard environment variables
Alternatively, it is possible to use standard environment variables to configure the proxy mappings, that is `HTTP_PROXY`, `HTTPS_PROXY`
and `NO_PROXY` variables.
The `HTTP_PROXY` and `HTTPS_PROXY` variables represent the proxy server that should be used for all outgoing HTTP requests.
{project_name} does not differ between the two. If both are specified, `HTTPS_PROXY` takes the precedence regardless of
the actual scheme the proxy server uses.
The `NO_PROXY` variable is used to define a comma separated list of hostnames that should not use the proxy.
If a hostname is specified, all its prefixes (subdomains) are also excluded from using proxy.
Take the following example:
[source]
----
HTTPS_PROXY=https://www-proxy.acme.com:8080
NO_PROXY=google.com,login.facebook.com
----
In this example, all outgoing HTTP requests will use `\https://www-proxy.acme.com:8080` proxy server except for requests
to for example `login.google.com`, `google.com`, `auth.login.facebook.com`. However, for example `groups.facebook.com` will be routed
through the proxy.
NOTE: The environment variables can be lowercase or uppercase. Lowercase takes precedence. For example if both `HTTP_PROXY` and
`http_proxy` are defined, `http_proxy` will be used.
If proxy mappings are defined using the subsystem configuration (as described above), the environment variables are not
considered by {project_name}. This scenario applies in case no proxy server should be used despite having for example `HTTP_PROXY`
environment variable defined. To do so, you can specify a generic no proxy route as follows:
[source,xml]
----
<spi name="connectionsHttpClient">
<provider name="default" enabled="true">
<properties>
<property name="proxy-mappings" value=".*;NO_PROXY"/>
</properties>
</provider>
</spi>
----
[[_truststore]]
==== Outgoing HTTPS Request Truststore

11
upgrading/topics/keycloak/changes.adoc
View file

@ -1,5 +1,16 @@
== Migration Changes
=== Migrating to 16.0.0
==== Proxy environment variables
{project_name} now respects the standard `HTTP_PROXY`, `HTTPS_PROXY` and `NO_PROXY` environment variables for outgoing
HTTP requests. This change could lead to unexpected use of a proxy server if you have for example the `HTTP_PROXY` variable defined but have no
explicit proxy mappings specified in your SPI configuration. To prevent {project_name} from using those environment variables,
you can explicitly create a no proxy route for all requests as `.*;NO_PROXY`.
For more details, see the link:{installguide_link}#_proxy_env_vars[related chapter in the {installguide_name}].
=== Migrating to 14.0.0
==== Client Policies Migration