ansible-collections/middleware_automation.keycloak
1
0
Fork 0
mirror of https://github.com/ansible-middleware/keycloak.git synced 2025-04-06 02:40:30 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #139 from guidograzioli/128_hostname_strict

Browse source 
keycloak_quarkus: add hostname-strict parameter
This commit is contained in:
Guido Grazioli 2023-12-05 12:44:02 +01:00 committed by GitHub
commit 75899dfa77
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 18 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
roles/keycloak_quarkus/README.md
View file

@ -50,6 +50,13 @@ Role Defaults
|`keycloak_quarkus_trust_store_password`| Password for the trust store | `""` |
* Hostname configuration
| Variable | Description | Default |
|:---------|:------------|:--------|
|`keycloak_quarkus_http_relative_path`| Set the path relative to / for serving resources. The path must start with a / | `/` |
|`keycloak_quarkus_hostname_strict`| Disables dynamically resolving the hostname from request headers | `true` |
* Database configuration
@ -118,6 +125,8 @@ Role Variables
| Variable | Description | Required |
|:---------|:------------|----------|
|`keycloak_quarkus_admin_pass`| Password of console admin account | `yes` |
|`keycloak_quarkus_frontend_url`| Base URL for frontend URLs, including scheme, host, port and path | `no` |
|`keycloak_quarkus_admin_url`| Base URL for accessing the administration console, including scheme, host, port and path | `no` |
License

4
roles/keycloak_quarkus/defaults/main.yml
View file

@ -63,6 +63,10 @@ keycloak_quarkus_admin_url:
### (set to `/auth` for retrocompatibility with pre-quarkus releases)
keycloak_quarkus_http_relative_path: /
# Disables dynamically resolving the hostname from request headers.
# Should always be set to true in production, unless proxy verifies the Host header.
keycloak_quarkus_hostname_strict: true
# proxy address forwarding mode if the server is behind a reverse proxy. [none, edge, reencrypt, passthrough]
keycloak_quarkus_proxy_mode: edge

4
roles/keycloak_quarkus/meta/argument_specs.yml
View file

@ -288,3 +288,7 @@ argument_specs:
default: true
type: "bool"
description: "Enable or disable XA transactions which may not be supported by some DBMS"
keycloak_quarkus_hostname_strict:
default: true
type: "bool"
description: "Disables dynamically resolving the hostname from request headers. Should always be set to true in production, unless proxy verifies the Host header."

1
roles/keycloak_quarkus/templates/keycloak.conf.j2
View file

@ -41,6 +41,7 @@ hostname-port={{ keycloak_quarkus_port }}
hostname-path={{ keycloak_quarkus_path }}
{% endif %}
hostname-admin-url={{ keycloak_quarkus_admin_url }}
hostname-strict={{ keycloak_quarkus_hostname_strict | lower }}
# Cluster
{% if keycloak_quarkus_ha_enabled %}