Kenyatta, does that work for you? URL patterns are:

/auth/realms/{realm}/* - these are all protocol entry points. Through your
proxy, control which realms can receive SSO requests by filtering out
things by realm name, aka {realm}.

/auth/admin/* - all admin consoles and admin REST endpoints.

On 9/11/2015 7:54 AM, Felipe Braun Azambuja wrote:
I have put some rules on my reverse proxy (nginx), at least to stop
access to the admin console:
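
    # Default: everything not matched below (including the admin console)
    # is only reachable from the trusted address.
    location / {
        allow 1.2.3.4;
        deny all;
        proxy_pass http://keycloak:8080$request_uri;
    }

    # Realm protocol endpoints stay open to everyone.
    location /auth/realms {
        allow all;
        proxy_pass http://keycloak:8080$request_uri;
    }

    # Static resources stay open to everyone.
    location /auth/resources {
        allow all;
        proxy_pass http://keycloak:8080$request_uri;
    }
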
On 11/09/2015 08:48, Kenyatta Clark wrote:
> First of all, I would like to thank your team for doing such a nice job
> on Keycloak. It is a very solid project.
>
> We are getting ready to deploy Keycloak to production and our IT
> director is nervous about having the Master realm accessible from the
> internet. Is there any way to configure Keycloak to disallow access to
> the Master realm from the open internet? If not, what methods do you
> suggest employing that would mitigate the risk?
>
>
> *Kenyatta Clark*
>
> *Principal Engineer, Systems Development*
>
> MBO Partners
>
> *t:* 703.793.6314
>
> *w:* www.mbopartners.com <http://www.mbopartners.com/>
>
>
> Notice: This email and any files transmitted with it are confidential.
> They are intended solely for the use of the individual addressed. If
> you have received this email in error please notify
> postmaster(a)mbopartners.com <mailto:postmaster@mbopartners.com> and
> permanently delete the e-mail and files.
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Felipe Braun Azambuja
DBA
Information and Communication Technology
(48) 3281 9577
felipe.braun(a)intelbras.com.br
The information contained in this e-mail and its attachments are protected by law,
subjected to privilege and/or confidentiality and cannot be retransmitted, filed,
disclosed or copied without authorization from the sender. The sender uses the electronic
mail in the exercise of his/her work or by virtue thereof, and the institution accepts no
liability from its undue use. If you have received this message by mistake, please notify
us immediately by returning the e-mail and deleting this message from your system.
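
The realm filtering suggested in the first reply, combined with the allow/deny rules from the nginx reply, as an added example that is not part of the original thread: only allow-listed realms are public, and everything else (the master realm and /auth/admin/*) stays behind the trusted address. The server name, listen port and realm name "customers" are assumptions; keycloak:8080 and 1.2.3.4 are the values used in the thread.

```nginx
# Added example, not from the thread. Assumed: server_name, listen port and
# the realm name "customers". keycloak:8080 and 1.2.3.4 are the thread's values.
server {
    listen 80;                      # assumed; use a TLS listener in production
    server_name sso.example.com;    # assumed

    # Pass the original host and client address on to Keycloak.
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # Default deny: anything not matched by a more specific block below,
    # including /auth/admin/* and /auth/realms/master/*, is only reachable
    # from the trusted address.
    location / {
        allow 1.2.3.4;
        deny all;
        proxy_pass http://keycloak:8080;
    }

    # Allow-list of realms that may receive SSO requests from the internet.
    # Add further realm names inside the group, e.g. (customers|partners).
    # A new realm stays private until it is listed here.
    location ~ ^/auth/realms/(customers)/ {
        proxy_pass http://keycloak:8080;
    }

    # Static resources used by the login pages.
    location /auth/resources/ {
        proxy_pass http://keycloak:8080;
    }
}
```

The allow and deny directives act on the peer address nginx sees, so if another load balancer sits in front of nginx the real client address has to be restored before these rules are evaluated.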