libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Update docs/guides/src/main/server/hostname.adoc

Browse source 
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
This commit is contained in:
Dominik Guhr 2022-05-10 09:15:47 +02:00 committed by Pedro Igor
parent 7a8d38eae3
commit b484bc1268
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
docs/guides/src/main/server/hostname.adoc
View file

@ -65,7 +65,9 @@ The `hostname-path` configuration takes effect when a reverse proxy is enabled.
For details, see the <@links.server id="reverseproxy"/> Guide.
== Accessing Keycloak in production mode using HTTP
Keycloak follows the "secure by design" principle, so it is absolutely not recommmended to access Keycloak without proper transport encryption, as this opens up multiple attack vectors.
When a `hostname` is set and the server is running in production mode, all the URLs generated by the server are going to use the `HTTPS` scheme. If you are not setting up TLS you might run into issues because some URLs generated by the server won't work.
Keycloak follows the "secure by design" principle, so it is absolutely not recommended to access Keycloak without proper transport encryption, as this opens up multiple attack vectors.
Nevertheless there are environments, where Keycloak is deployed behind a proxy/load balancer that terminates TLS completely and the internal requests are done using the unencrypted HTTP protocol.