06bc4af50e
* Remove WildFly distribution from documentation Closes #1665 * Update server_admin/topics/authentication/webauthn.adoc Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> * Update upgrading/topics/install_new_version.adoc Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> * Update upgrading/topics/migrate_db.adoc Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> * Update upgrading/topics/migrate_db.adoc Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> * Update server_admin/topics/realms/ssl.adoc * Update server_admin/topics/user-federation/ldap.adoc Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> * Update server_development/topics/providers.adoc Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> * Update server_development/topics/providers.adoc Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> * Remove section on cilent cert lookup in x509.adoc * Update securing_apps/topics/oidc/fapi-support.adoc Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> * Add missing images for rh-sso images by moving to shared images as we won't have RH-SSO specific theme anymore Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
52 lines
No EOL
1.5 KiB
Text
52 lines
No EOL
1.5 KiB
Text
[[_ssl_modes]]
|
|
|
|
= Configuring SSL for a realm
|
|
|
|
Each realm has an associated SSL Mode, which defines the SSL/HTTPS requirements for interacting with the realm.
|
|
Browsers and applications that interact with the realm honor the SSL/HTTPS requirements defined by the SSL Mode or they cannot interact with the server.
|
|
|
|
|
|
.Procedure
|
|
|
|
ifeval::[{project_product}==true]
|
|
. Click *Realm Settings* in the menu.
|
|
. Click the *Login* tab.
|
|
+
|
|
.Login tab
|
|
image:{project_images}/login-tab.png[Login tab]
|
|
endif::[]
|
|
|
|
ifeval::[{project_community}==true]
|
|
. Click *Realm settings* in the menu.
|
|
. Click the *General* tab.
|
|
+
|
|
.General tab
|
|
image:{project_images}/general-tab.png[General Tab]
|
|
endif::[]
|
|
|
|
. Set *Require SSL* to one of the following SSL modes:
|
|
|
|
ifeval::[{project_product}==true]
|
|
* *external requests*
|
|
endif::[]
|
|
ifeval::[{project_community}==true]
|
|
* *External requests*
|
|
endif::[]
|
|
Users can interact with {project_name} without SSL so long as they stick to private IP addresses such as `localhost`, `127.0.0.1`, `10.x.x.x`, `192.168.x.x`, and `172.16.x.x`.
|
|
If you try to access {project_name} without SSL from a non-private IP address, you will get an error.
|
|
|
|
ifeval::[{project_product}==true]
|
|
* *none*
|
|
endif::[]
|
|
ifeval::[{project_community}==true]
|
|
* *None*
|
|
endif::[]
|
|
{project_name} does not require SSL. This choice applies only in development when you are experimenting and do not plan to support this deployment.
|
|
|
|
ifeval::[{project_product}==true]
|
|
* *all requests*
|
|
endif::[]
|
|
ifeval::[{project_community}==true]
|
|
* *All requests*
|
|
endif::[]
|
|
{project_name} requires SSL for all IP addresses. |