Current ServerInfoAdminResource provides information about available
providers etc, but also some real-time info about system, CPU, memory
etc. Isn't that similar to the health-checks in the new endpoint, which
you are proposing?
Marek
On 09/01/17 08:42, Stian Thorgersen wrote:
Maybe, but I don't see any real benefit in doing that. The two
serves
quite different purposes as well.
On 6 January 2017 at 16:21, Marek Posolda <mposolda(a)redhat.com
<mailto:mposolda@redhat.com>> wrote:
+1
I wonder if it's cleaner that we also add existing stuff in
ServerInfoAdminResource to this SPI?
One minor thing, it seems there is not handling of preflight
OPTIONS request in your new endpoint?
Marek
On 06/01/17 09:31, Stian Thorgersen wrote:
I've been looking at some issues with reverse proxy when
Keycloak is
installed on EAP 7.0.3+ [1]. While doing so I found out that
it's fairly
inconvenient and not straightforward to debug if the proxy
configuration is
correct.
To verify URLs you have to for example open the well-known
endpoint for
OIDC. Then you have to verify the remote IP address by doing a
failed login
attempt and looking at the server log.
To make this simpler I propose adding the start of a server
info endpoint.
It will be a SPI that allows plugging in server info providers
that can
show different details if authenticated or not.
You can either view info for all providers at a time with
"/realms/master/.info" or for a specific provider
"/realms/master/.info/proxy".
The proxy info provider will display:
{
"authServerUrl" : "http://host1/auth",
"remoteAddress" : "127.0.0.1",
"proxyDetected" : true,
"headers" : {
"Host" : "host1",
"X-Forwarded-For" : "1.2.3.4",
"X-Forwarded-Host" : "host2",
"X-Forwarded-Proto" : "https"
}
}
Implementation is ready [2] I just need to get feedback and
add tests.
In the future we can expand on this to for instance provide a
health
monitoring endpoint that allows checking the server health (JPA
connections, Infinispan connections, IdP connections, user fed
connections,
etc.).
[1]
https://issues.jboss.org/browse/KEYCLOAK-4149
<
https://issues.jboss.org/browse/KEYCLOAK-4149>
[2]
https://github.com/stianst/keycloak/commit/99abbc47c49585d1e62c74f3ea227e...
<
https://github.com/stianst/keycloak/commit/99abbc47c49585d1e62c74f3ea227e...
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
<
https://lists.jboss.org/mailman/listinfo/keycloak-dev>