libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

Document --hostname-strict under reverse proxy (#12881)

Browse source
This commit is contained in:
Welton Rodrigo Torres Nascimento 2022-08-26 05:11:18 -03:00 committed by GitHub
parent 03e9512a89
commit ac6ee54455
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
docs/guides/src/main/server/reverseproxy.adoc
View file

@ -43,6 +43,12 @@ Take extra precautions to ensure that the X-Forwarded-For header is set by your
If this header is incorrectly configured, rogue clients can set this header and trick Keycloak into thinking the client is connected from a different IP address than the actual address.
This precaution can be more critical if you do any deny or allow listing of IP addresses.
== Trust the proxy to set hostname
By default, Keycloak needs to know under which hostname it will be called. If your reverse proxy is configured to check for the correct hostname, you can set Keycloak to accept any hostname.
<@kc.start parameters="--proxy <mode> --hostname-strict=false"/>
=== Exposing the administration console
By default, the administration console URLs are created solely based on the requests to resolve the proper scheme, host name, and port. For instance,