libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Describe mTLS overrides for the management interface (#30735)

Browse source 
Closes #30094

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
This commit is contained in:
Martin Bartoš 2024-06-26 12:02:36 +02:00 committed by GitHub
parent 1edf444bc8
commit 30fdba00b5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
docs/guides/server/enabletls.adoc
View file

@ -81,4 +81,8 @@ Using the value `required` sets up {project_name} to always ask for certificates
Be aware that this is the basic certificate configuration for mTLS use cases where {project_name} acts as server. When {project_name} acts as client instead, e.g. when {project_name} tries to get a token from a token endpoint of a brokered identity provider that is secured by mTLS, you need to set up the HttpClient to provide the right certificates in the keystore for the outgoing request. To configure mTLS in these scenarios, see <@links.server id="outgoinghttp"/>. Be aware that this is the basic certificate configuration for mTLS use cases where {project_name} acts as server. When {project_name} acts as client instead, e.g. when {project_name} tries to get a token from a token endpoint of a brokered identity provider that is secured by mTLS, you need to set up the HttpClient to provide the right certificates in the keystore for the outgoing request. To configure mTLS in these scenarios, see <@links.server id="outgoinghttp"/>.
NOTE: Management interface properties are inherited from the main HTTP server, including mTLS settings.
It means when mTLS is set, it is also enabled for the management interface.
To override the behavior, use the `https-management-client-auth` property.
</@tmpl.guide> </@tmpl.guide>

6
docs/guides/server/management-interface.adoc
View file

@ -14,10 +14,10 @@ The most significant advantage might be seen in Kubernetes environments as the s
== Management interface configuration == Management interface configuration
The management interface is turned on by default, so management endpoints such as `/metrics`, and `/health` are exposed on the default management port `9000`. The management interface is turned on by default, so management endpoints such as `/metrics`, and `/health` are exposed on the default management port `9000`.
The management interface provides a set of options and is fully configurable.
In order to change the port for the management interface, you can use the {project_name} option `http-management-port`. In order to change the port for the management interface, you can use the {project_name} option `http-management-port`.
The management interface provides a set of options and is fully configurable. NOTE: If management interface properties are not explicitly set, their values are automatically inherited from the default HTTP server.
If these options for the management HTTP server are not explicitly set, their values are automatically inherited from the default HTTP server.
You can change the relative path of the management interface, as the prefix path for the management endpoints can be different. You can change the relative path of the management interface, as the prefix path for the management endpoints can be different.
You can achieve it via the {project_name} option `http-management-relative-path`. You can achieve it via the {project_name} option `http-management-relative-path`.
@ -48,4 +48,4 @@ Beware, the `legacy-observability-interface` option is deprecated and will be re
It only allows you to give more time for the migration. It only allows you to give more time for the migration.
==== ====
</@tmpl.guide> </@tmpl.guide>