Skip to content
Snippets Groups Projects
Commit 7c97deab authored by Rohith's avatar Rohith
Browse files

- updating the readme with info on https for forwarding proxy

parent cd39d8ea
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
Showing
with 10 additions and 0 deletions
README.md
+ 10
0
View file @ 7c97deab
...@@ -255,6 +255,16 @@ You have collection of micro-services which are permitted to speak to one anothe ...@@ -255,6 +255,16 @@ You have collection of micro-services which are permitted to speak to one anothe
Receiver side you could setup the keycloak-proxy (--no=redirects=true) and permit this proxy to verify and handle admission for you. Alternatively, the access token can found as a bearer token in the request. Receiver side you could setup the keycloak-proxy (--no=redirects=true) and permit this proxy to verify and handle admission for you. Alternatively, the access token can found as a bearer token in the request.
##### **- Forwarding Signing HTTPS Connect**
Handling HTTPS requires man in the middling the TLS connection. By default if no -tls-ca-cert and -tls-ca-key is provided the proxy will use the default certificate. If you wish to verify the trust, you'll need to generate a CA, for example
```shell
[jest@starfury keycloak-proxy]$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ca.key -out ca.pem
[jest@starfury keycloak-proxy]$ bin/keycloak-proxy --enable-forwarding --forwarding-username=USERNAME --forwarding-password=PASSWORD --client-id=CLIENT_ID --client-secret=SECRET --discovery-url=https://keycloak.example.com/auth/realms/test --log-requests=true --tls-ca-cert=ca.pem --tls-ca-key=ca.key
#### **- URL Tokenization (in-progress)** #### **- URL Tokenization (in-progress)**
--- ---
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment