True, didn't consider that part. The real-time info should
probably be
moved to the info endpoint, while the list/details about providers
kept at ServerInfoAdminResource.
On 9 January 2017 at 09:05, Marek Posolda <mposolda(a)redhat.com
<mailto:mposolda@redhat.com>> wrote:
Current ServerInfoAdminResource provides information about
available providers etc, but also some real-time info about
system, CPU, memory etc. Isn't that similar to the health-checks
in the new endpoint, which you are proposing?
Marek
On 09/01/17 08:42, Stian Thorgersen wrote:
> Maybe, but I don't see any real benefit in doing that. The two
> serves quite different purposes as well.
>
> On 6 January 2017 at 16:21, Marek Posolda <mposolda(a)redhat.com
> <mailto:mposolda@redhat.com>> wrote:
>
> +1
>
> I wonder if it's cleaner that we also add existing stuff in
> ServerInfoAdminResource to this SPI?
>
> One minor thing, it seems there is not handling of preflight
> OPTIONS request in your new endpoint?
>
> Marek
>
>
> On 06/01/17 09:31, Stian Thorgersen wrote:
>
> I've been looking at some issues with reverse proxy when
> Keycloak is
> installed on EAP 7.0.3+ [1]. While doing so I found out
> that it's fairly
> inconvenient and not straightforward to debug if the
> proxy configuration is
> correct.
>
> To verify URLs you have to for example open the
> well-known endpoint for
> OIDC. Then you have to verify the remote IP address by
> doing a failed login
> attempt and looking at the server log.
>
> To make this simpler I propose adding the start of a
> server info endpoint.
> It will be a SPI that allows plugging in server info
> providers that can
> show different details if authenticated or not.
>
> You can either view info for all providers at a time with
> "/realms/master/.info" or for a specific provider
> "/realms/master/.info/proxy".
>
> The proxy info provider will display:
>
> {
> "authServerUrl" : "http://host1/auth",
> "remoteAddress" : "127.0.0.1",
> "proxyDetected" : true,
> "headers" : {
> "Host" : "host1",
> "X-Forwarded-For" : "1.2.3.4",
> "X-Forwarded-Host" : "host2",
> "X-Forwarded-Proto" : "https"
> }
> }
>
> Implementation is ready [2] I just need to get feedback
> and add tests.
>
> In the future we can expand on this to for instance
> provide a health
> monitoring endpoint that allows checking the server
> health (JPA
> connections, Infinispan connections, IdP connections,
> user fed connections,
> etc.).
>
> [1]
https://issues.jboss.org/browse/KEYCLOAK-4149
> <
https://issues.jboss.org/browse/KEYCLOAK-4149>
> [2]
>
https://github.com/stianst/keycloak/commit/99abbc47c49585d1e62c74f3ea227e...
>
<
https://github.com/stianst/keycloak/commit/99abbc47c49585d1e62c74f3ea227e...
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> <mailto:keycloak-dev@lists.jboss.org>
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
> <
https://lists.jboss.org/mailman/listinfo/keycloak-dev>
>
>
>
>