ansible-collections/middleware_automation.keycloak
1
0
Fork 0
mirror of https://github.com/ansible-middleware/keycloak.git synced 2025-04-06 10:50:31 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #152 from world-direct/fix/151

Browse source 
keycloak_quarkus: allow configuration of `hostname-strict-backchannel`
This commit is contained in:
Guido Grazioli 2024-01-16 00:42:12 +01:00 committed by GitHub
commit 053d0f9873
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
roles/keycloak_quarkus/README.md
View file

@ -59,6 +59,7 @@ Role Defaults
|:---------|:------------|:--------| |:---------|:------------|:--------|
|`keycloak_quarkus_http_relative_path`| Set the path relative to / for serving resources. The path must start with a / | `/` | |`keycloak_quarkus_http_relative_path`| Set the path relative to / for serving resources. The path must start with a / | `/` |
|`keycloak_quarkus_hostname_strict`| Disables dynamically resolving the hostname from request headers | `true` | |`keycloak_quarkus_hostname_strict`| Disables dynamically resolving the hostname from request headers | `true` |
|`keycloak_quarkus_hostname_strict_backchannel`| By default backchannel URLs are dynamically resolved from request headers to allow internal and external applications. If all applications use the public URL this option should be enabled. | `false` |
* Database configuration * Database configuration

3
roles/keycloak_quarkus/defaults/main.yml
View file

@ -69,6 +69,9 @@ keycloak_quarkus_http_relative_path: /
# Disables dynamically resolving the hostname from request headers. # Disables dynamically resolving the hostname from request headers.
# Should always be set to true in production, unless proxy verifies the Host header. # Should always be set to true in production, unless proxy verifies the Host header.
keycloak_quarkus_hostname_strict: true keycloak_quarkus_hostname_strict: true
# By default backchannel URLs are dynamically resolved from request headers to allow internal and external applications.
# If all applications use the public URL this option should be enabled.
keycloak_quarkus_hostname_strict_backchannel: false
# proxy address forwarding mode if the server is behind a reverse proxy. [none, edge, reencrypt, passthrough] # proxy address forwarding mode if the server is behind a reverse proxy. [none, edge, reencrypt, passthrough]
keycloak_quarkus_proxy_mode: edge keycloak_quarkus_proxy_mode: edge

4
roles/keycloak_quarkus/meta/argument_specs.yml
View file

@ -304,6 +304,10 @@ argument_specs:
default: true default: true
type: "bool" type: "bool"
description: "Disables dynamically resolving the hostname from request headers. Should always be set to true in production, unless proxy verifies the Host header." description: "Disables dynamically resolving the hostname from request headers. Should always be set to true in production, unless proxy verifies the Host header."
keycloak_quarkus_hostname_strict_backchannel:
default: false
type: "bool"
description: "By default backchannel URLs are dynamically resolved from request headers to allow internal and external applications. If all applications use the public URL this option should be enabled."
downstream: downstream:
options: options:
rhbk_version: rhbk_version:

1
roles/keycloak_quarkus/templates/keycloak.conf.j2
View file

@ -42,6 +42,7 @@ hostname-path={{ keycloak_quarkus_path }}
{% endif %} {% endif %}
hostname-admin-url={{ keycloak_quarkus_admin_url }} hostname-admin-url={{ keycloak_quarkus_admin_url }}
hostname-strict={{ keycloak_quarkus_hostname_strict | lower }} hostname-strict={{ keycloak_quarkus_hostname_strict | lower }}
hostname-strict-backchannel={{ keycloak_quarkus_hostname_strict_backchannel | lower }}
# Cluster # Cluster
{% if keycloak_quarkus_ha_enabled %} {% if keycloak_quarkus_ha_enabled %}