Re: [keycloak-dev] Info endpoint to simplify debugging proxy config

True, didn't consider that part. The real-time info should probably be moved to the info endpoint, while the list/details about providers kept at ServerInfoAdminResource. On 9 January 2017 at 09:05, Marek Posolda <mposolda(a)redhat.com <mailto:mposolda@redhat.com>> wrote: Current ServerInfoAdminResource provides information about available providers etc, but also some real-time info about system, CPU, memory etc. Isn't that similar to the health-checks in the new endpoint, which you are proposing? Marek On 09/01/17 08:42, Stian Thorgersen wrote: > Maybe, but I don't see any real benefit in doing that. The two > serves quite different purposes as well. > > On 6 January 2017 at 16:21, Marek Posolda <mposolda(a)redhat.com > <mailto:mposolda@redhat.com>> wrote: > > +1 > > I wonder if it's cleaner that we also add existing stuff in > ServerInfoAdminResource to this SPI? > > One minor thing, it seems there is not handling of preflight > OPTIONS request in your new endpoint? > > Marek > > > On 06/01/17 09:31, Stian Thorgersen wrote: > > I've been looking at some issues with reverse proxy when > Keycloak is > installed on EAP 7.0.3+ [1]. While doing so I found out > that it's fairly > inconvenient and not straightforward to debug if the > proxy configuration is > correct. > > To verify URLs you have to for example open the > well-known endpoint for > OIDC. Then you have to verify the remote IP address by > doing a failed login > attempt and looking at the server log. > > To make this simpler I propose adding the start of a > server info endpoint. > It will be a SPI that allows plugging in server info > providers that can > show different details if authenticated or not. > > You can either view info for all providers at a time with > "/realms/master/.info" or for a specific provider > "/realms/master/.info/proxy". > > The proxy info provider will display: > > { > "authServerUrl" : "http://host1/auth", > "remoteAddress" : "127.0.0.1", > "proxyDetected" : true, > "headers" : { > "Host" : "host1", > "X-Forwarded-For" : "1.2.3.4", > "X-Forwarded-Host" : "host2", > "X-Forwarded-Proto" : "https" > } > } > > Implementation is ready [2] I just need to get feedback > and add tests. > > In the future we can expand on this to for instance > provide a health > monitoring endpoint that allows checking the server > health (JPA > connections, Infinispan connections, IdP connections, > user fed connections, > etc.). > > [1] https://issues.jboss.org/browse/KEYCLOAK-4149 > <https://issues.jboss.org/browse/KEYCLOAK-4149> > [2] > https://github.com/stianst/keycloak/commit/99abbc47c49585d1e62c74f3ea227e... > <https://github.com/stianst/keycloak/commit/99abbc47c49585d1e62c74f3ea227e... > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > <mailto:keycloak-dev@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/keycloak-dev > <https://lists.jboss.org/mailman/listinfo/keycloak-dev> > > > >