libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Add instructions to configure a reverse proxy with KC

Browse source
This commit is contained in:
Stian Thorgersen 2014-06-18 09:59:23 +01:00
parent 37bfb2c594
commit 28adc28a56
1 changed files with 160 additions and 131 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
docbook/reference/en/en-US/modules/server-installation.xml
View file

@ -337,9 +337,17 @@ keycloak-war-dist-all-1.0-beta-3-SNAPSHOT/
<warning> <warning>
<para> <para>
Keycloak is not set up by default to handle SSL/HTTPS in either the Keycloak is not set up by default to handle SSL/HTTPS in either the
war distribution or appliance. It is highly recommended that you enable it! war distribution or appliance. It is highly recommended that you either enable SSL on the Keycloak server
itself or on a reverse proxy in front of the Keycloak server.
</para> </para>
</warning> </warning>
<para>
First enable SSL on Keycloak or on a reverse proxy in front of Keycloak. Then configure the Keycloak Server to enforce HTTPS connections.
</para>
<section>
<title>Enable SSL on Keycloak</title>
<para> <para>
The following things need to be done The following things need to be done
<itemizedlist> <itemizedlist>
@ -352,10 +360,6 @@ keycloak-war-dist-all-1.0-beta-3-SNAPSHOT/
<listitem> <listitem>
Enable JBoss or Wildfly to use this certificate and turn on SSL/HTTPS. Enable JBoss or Wildfly to use this certificate and turn on SSL/HTTPS.
</listitem> </listitem>
<listitem>
Configure the Keycloak Server to enforce HTTPS connections.
</listitem>
</itemizedlist> </itemizedlist>
</para> </para>
<section> <section>
@ -498,6 +502,30 @@ $ keytool -import -alias yourdomain -keystore keycloak.jks -file your-certificat
Check the <ulink url="https://docs.jboss.org/author/display/AS71/SSL+setup+guide">JBoss</ulink> documentation for more information on fine tuning the socket connections. Check the <ulink url="https://docs.jboss.org/author/display/AS71/SSL+setup+guide">JBoss</ulink> documentation for more information on fine tuning the socket connections.
</para> </para>
</section> </section>
</section>
<section>
<title>Enable SSL on a Reverse Proxy</title>
<para>
Follow the documentation for your web server to enable SSL and configure reverse proxy for Keycloak.
It is important that you make sure the web server sets the <literal>X-Forwarded-For</literal> and
<literal>X-Forwarded-Proto</literal> headers on the requests made to Keycloak. Next you need to enable
<literal>proxy-address-forwarding</literal> on the Keycloak http connector. This is done by editing
<literal>standalone/configuration/standalone.xml</literal>.
</para>
<para>
<programlisting><![CDATA[<subsystem xmlns="urn:jboss:domain:undertow:1.1">
...
<http-listener name="default" socket-binding="http" proxy-address-forwarding="true"/>
...
</subsystem>
]]></programlisting>
</para>
<para>
Check the <ulink url="https://docs.jboss.org/author/display/WFLY8/Undertow+(web)+subsystem+configuration">WildFly</ulink> documentation for more information.
</para>
</section>
<section> <section>
<title>Enforce HTTPS For Server Connections</title> <title>Enforce HTTPS For Server Connections</title>
<para> <para>
@ -519,6 +547,7 @@ $ keytool -import -alias yourdomain -keystore keycloak.jks -file your-certificat
</web-app>]]></programlisting> </web-app>]]></programlisting>
</para> </para>
</section> </section>
<section> <section>
<title>Enforce HTTPS at Realm Level</title> <title>Enforce HTTPS at Realm Level</title>
<para> <para>