Merge pull request #5 from aasingh/master
QE feedback comments incorporated
This commit is contained in:
commit
8839a3d9e9
5 changed files with 11 additions and 12 deletions
4
topics/cache/disable.adoc
vendored
4
topics/cache/disable.adoc
vendored
|
@ -10,13 +10,13 @@ Here's what the config looks like initially.
|
|||
----
|
||||
|
||||
"userCache": {
|
||||
"infinispan" : {
|
||||
"default" : {
|
||||
"enabled": true
|
||||
}
|
||||
},
|
||||
|
||||
"realmCache": {
|
||||
"infinispan" : {
|
||||
"default" : {
|
||||
"enabled": true
|
||||
}
|
||||
},
|
||||
|
|
|
@ -4,15 +4,12 @@
|
|||
WARNING: {{book.project.name}} is not set up by default to handle SSL/HTTPS.
|
||||
It is highly recommended that you either enable SSL on the {{book.project.name}} server itself or on a reverse proxy in front of the {{book.project.name}} server.
|
||||
|
||||
{{book.project.name}} can run out of the box without SSL/HTTPS so long as you stick to private IP addresses like localhost, 127.0.0.1, 10.0.x.x, 192.168.x.x, and 172..16.x.x.
|
||||
If you try to access {{book.project.name}} out of the box via a non-private IP address you will get an error.
|
||||
|
||||
This default behavior is defined by the SSL/HTTPS mode of each {{book.project.name}} realm. This is discussed in more detail in the
|
||||
link:{{book.adminguide.link}}[{{book.adminguide.name}}], but let's give some context and a brief overview of these modes.
|
||||
|
||||
external::
|
||||
{{book.project.name}} can run out of the box without SSL so long as you stick to private IP addresses like `localhost`, `127.0.0.1`, `10.0.x.x`, `192.168.x.x`, and `172..16.x.x`.
|
||||
If you try to access {{book.project.name}} from a non-private IP adress you will get an error.
|
||||
If you don’t have SSL/HTTPS configured on the server or you try to access {{book.project.name}} over HTTP from a non-private IP adress you will get an error.
|
||||
|
||||
none::
|
||||
{{book.project.name}} does not require SSL. This should really only be used in development when you are playing around with things.
|
||||
|
|
|
@ -72,7 +72,7 @@ You can use _keytool_ to create a new truststore file or add trusted host certif
|
|||
$ keytool -import -alias HOSTDOMAIN -keystore truststore.jks -file host-certificate.cer
|
||||
----
|
||||
|
||||
The truststore is configured within the_keycloak-server.json_ file. The location of this file depends on your <<fake/../../operating-mode.adoc#_operating-mode, operating mode>>.
|
||||
The truststore is configured within the _keycloak-server.json_ file. The location of this file depends on your <<fake/../../operating-mode.adoc#_operating-mode, operating mode>>.
|
||||
You can add your truststore configuration by using the following template:
|
||||
|
||||
[source]
|
||||
|
|
|
@ -42,7 +42,7 @@ from the domain controller.
|
|||
|
||||
Various other chapters in this guide walk you through configuring various aspects like databases,
|
||||
HTTP network connections, caches, and other infrastructure related things. While standalone mode uses the _standalone.xml_ file to configure these things,
|
||||
domain mode uses the _.../domain/domain.xml_ configuration file. This is
|
||||
domain mode uses the _.../domain/configuration/domain.xml_ configuration file. This is
|
||||
where the domain profile and server group for the {{book.project.name}} server are defined.
|
||||
|
||||
|
||||
|
@ -53,7 +53,7 @@ WARNING: Any changes you make to this file while the domain controller is runnin
|
|||
by the server. Instead use the the command line scripting or the web console of {{book.appserver.name}}. See
|
||||
the link:{{book.appserver.admindoc.link}}[{{book.appserver.admindoc.name}}] for more information.
|
||||
|
||||
Let's look at some aspects of this _domain.xml_ file. The `auth-serve-standalone` and `auth-server-clustered` `profile` XML block is where you are going to make the bulk of your configuration decisions.
|
||||
Let's look at some aspects of this _domain.xml_ file. The `auth-server-standalone` and `auth-server-clustered` `profile` XML blocks are where you are going to make the bulk of your configuration decisions.
|
||||
You'll be configuring things here like network connections, caches, and database connections.
|
||||
|
||||
|
||||
|
@ -174,10 +174,10 @@ The structure of these per server directories ends up looking like any other {{b
|
|||
.Working Directories
|
||||
image:../../{{book.images}}/domain-server-dir.png[]
|
||||
|
||||
==== {{book.project.name}} JSon Configuration
|
||||
==== {{book.project.name}} JSON Configuration
|
||||
|
||||
Unfortunately, there is no centralized way to manage the _keycloak.json_ file. You'll have to manage a copy of this file
|
||||
in every server instance you deploy. This file must exist in the _.../domain/servers/{SERVER NAME}/configuration directory.
|
||||
in every server instance you deploy. This file must exist in the _.../domain/servers/{SERVER NAME}/configuration directory._
|
||||
|
||||
.JSON Configuration
|
||||
image:../../{{book.images}}/domain-json-config.png[]
|
||||
|
@ -264,6 +264,8 @@ $ add-user.sh
|
|||
To represent the user add the following to the server-identities definition <secret value="bWdtdDEyMyE=" />
|
||||
----
|
||||
|
||||
NOTE: The add-user.sh does not add user to {{book.project.name}} server but to the underlying JBoss Enterprise Application Platform. The credentials used and generated in the above script are only for example purpose. Please use the ones generated on your system.
|
||||
|
||||
Now cut and paste the secret value into the _.../domain/configuration/host-slave.xml_ file as follows:
|
||||
|
||||
[source,xml]
|
||||
|
|
|
@ -46,7 +46,7 @@ WARNING: Any changes you make to this file while the server is running will not
|
|||
==== Standalone {{book.project.name}} JSON Configuration
|
||||
|
||||
{{book.project.name}} has a json configuration file that is specific to {{book.project.name}} components. This configuration is located within
|
||||
the file_.../standalone/configuration/keycloak.json_. This file is used to configure non-infrastructure level things that are
|
||||
the file.../standalone/configuration/keycloak-server.json. This file is used to configure non-infrastructure level things that are
|
||||
only applicable to {{book.project.name}}
|
||||
|
||||
.Standalone {{book.project.name}} Config File
|
||||
|
|
Loading…
Reference in a new issue