Attribute | Value |
---|---|
Default Value | RS256 |
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Attribute | Value |
---|---|
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Attribute | Value |
---|---|
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Attribute | Value |
---|---|
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Attribute | Value |
---|---|
Default Value | false |
Type | BOOLEAN |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Request Parameter | Type | Required | Expressions Allowed | Default value | Description |
---|---|---|---|---|---|
allow-any-hostname | BOOLEAN | false | true | false | If true, hostname verification will be skipped when communicating with the OpenID provider over HTTPS. The default value is false. This can be useful in testing environments. This should never be set to true in production environments. |
always-refresh-token | BOOLEAN | false | true | false | Refresh token on every single web request |
auth-server-url | STRING | false | true | | Base URL of the Realm Auth Server |
autodetect-bearer-only | BOOLEAN | false | true | false | Autodetect bearer-only requests |
client-key-password | STRING | false | true | | Password for the client key. This is required if client-keystore has been specified. |
client-keystore | STRING | false | true | | Path to the client keystore to be used when communicating with the OpenID provider over HTTPS. This is optional. |
client-keystore-password | STRING | false | true | | Password for the client keystore. This is required if client-keystore has been specified. |
confidential-port | INT | false | true | 8443 | Specify the confidential port (SSL/TLS) used by the Realm Auth Server |
connection-pool-size | INT | false | true | | Connection pool size for the client used by the adapter |
connection-timeout-millis | LONG | false | true | | Timeout for establishing the connection with the remote host in milliseconds |
connection-ttl-millis | LONG | false | true | | Connection time to live in milliseconds |
cors-allowed-headers | STRING | false | true | | CORS allowed headers |
cors-allowed-methods | STRING | false | true | | CORS allowed methods |
cors-exposed-headers | STRING | false | true | | CORS exposed headers |
cors-max-age | INT | false | true | | CORS max-age header |
disable-trust-manager | BOOLEAN | false | true | false | Adapter will not use a trust manager when making adapter HTTPS requests |
enable-cors | BOOLEAN | false | true | false | Enable Keycloak CORS support |
expose-token | BOOLEAN | false | true | false | Enable secure URL that exposes access token |
ignore-oauth-query-parameter | BOOLEAN | false | true | false | Disable query parameter parsing for access_token |
principal-attribute | STRING | false | true | | Indicates which claim value from the ID token to use as the principal for the identity |
provider-url | STRING | false | true | | The provider URL |
proxy-url | STRING | false | true | | The URL for the HTTP proxy if one is used. |
realm-public-key | STRING | false | true | | Public key of the realm |
register-node-at-startup | BOOLEAN | false | true | false | Cluster setting |
register-node-period | INT | false | true | | How often to re-register node |
socket-timeout-millis | LONG | false | true | | Timeout for socket waiting for data in milliseconds |
ssl-required | STRING | false | true | external | Whether communication with the OpenID provider should be over HTTPS. Valid values are: "all" - to always require HTTPS, "external" - to only require HTTPS for external requests, "none" - if HTTPS is not required. The default value is "external". This should be set to "all" in production environments. |
token-signature-algorithm | STRING | false | true | RS256 | The token signature algorithm used by the OpenID provider |
token-store | STRING | false | true | | Cookie or session storage for auth session data |
truststore | STRING | false | true | | Truststore used for adapter client HTTPS requests |
truststore-password | STRING | false | true | | Password of the Truststore |
verify-token-audience | BOOLEAN | false | true | false | If true, then during bearer-only authentication, the adapter will verify that the token contains this client name (resource) as an audience |