From fbe26e28f11ee1f54089c7d063fbf96692ae84db Mon Sep 17 00:00:00 2001 From: mposolda Date: Tue, 16 Dec 2014 14:04:04 +0100 Subject: [PATCH] Minor improvements/fixes in documentation --- .../reference/en/en-US/modules/clustering.xml | 21 +++++++++++++++++++ .../en/en-US/modules/jetty9-adapter.xml | 2 +- .../modules/security-vulnerabilities.xml | 2 +- .../testsuite/jaxrs/JaxrsFilterTest.java | 1 + 4 files changed, 24 insertions(+), 2 deletions(-) diff --git a/docbook/reference/en/en-US/modules/clustering.xml b/docbook/reference/en/en-US/modules/clustering.xml index a70bbb0921..350c47feeb 100755 --- a/docbook/reference/en/en-US/modules/clustering.xml +++ b/docbook/reference/en/en-US/modules/clustering.xml @@ -216,4 +216,25 @@ +
+ Troubleshooting + + Note that when you run cluster, you should see message similar to this in the log of both cluster nodes: + + + + If you see just one node mentioned, it's possible that your cluster hosts are not joined together. + + + Usually it's best practice to have your cluster nodes on private network without firewall for communication among them. + Firewall could be enabled just on public access point to your network instead. If for some reason you still need to have firewall + enabled on cluster nodes, you will need to open some ports. Default values are UDP port 55200 and multicast port 45688 + with multicast address 230.0.0.4. Note that you may need more ports opened if you want to enable additional features like diagnostics for your JGroups stack. + Keycloak delegates most of the clustering work to Infinispan/JGroups, so consult EAP or JGroups documentation for more info. + +
+ diff --git a/docbook/reference/en/en-US/modules/jetty9-adapter.xml b/docbook/reference/en/en-US/modules/jetty9-adapter.xml index ad7d1c86b1..57dd8028fe 100755 --- a/docbook/reference/en/en-US/modules/jetty9-adapter.xml +++ b/docbook/reference/en/en-US/modules/jetty9-adapter.xml @@ -145,7 +145,7 @@ $ java -jar $JETTY_HOME/start.jar --add-to-startd=keycloak BASIC - this is ignored currently/realm-name> + this is ignored currently diff --git a/docbook/reference/en/en-US/modules/security-vulnerabilities.xml b/docbook/reference/en/en-US/modules/security-vulnerabilities.xml index 49a29882fe..513702a37d 100755 --- a/docbook/reference/en/en-US/modules/security-vulnerabilities.xml +++ b/docbook/reference/en/en-US/modules/security-vulnerabilities.xml @@ -4,7 +4,7 @@ This chapter discusses possible security vulnerabilities Keycloak could have, how Keycloak mitigates those vulnerabilities, and what steps you need to do to configure Keycloak to mitigate some vulnerabilities. A good list of potential vulnerabilities and what security implementations should do to mitigate them can be found in the - OAuth 2.0 Thread Model document put out by the IETF. Many of those vulnerabilities are discussed here. + OAuth 2.0 Threat Model document put out by the IETF. Many of those vulnerabilities are discussed here.
SSL/HTTPS Requirement diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/jaxrs/JaxrsFilterTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/jaxrs/JaxrsFilterTest.java index 936792dc05..16f00f525b 100644 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/jaxrs/JaxrsFilterTest.java +++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/jaxrs/JaxrsFilterTest.java @@ -317,6 +317,7 @@ public class JaxrsFilterTest { // @Test public void testCxfExample() { String uri = "http://localhost:9000/customerservice/customers/123"; + //String uri = "http://localhost:8080/jax_rs_basic_servlet/services/service1/customerservice/customers/123"; Response resp = client.target(uri).request() .get(); Assert.assertEquals(resp.getStatus(), 401);