WildFly Full 27 Model Reference

  1. home
  2. subsystem=elytron-oidc-client
  3. provider

An OpenID Connect provider

Attributes (32)

  • allow-any-hostname If true, hostname verification will be skipped when communicating with the OpenID provider over HTTPS. The default value is false. This can be useful in testing environments. This should never be set to true in production environments.
    • Attribute Value
    Default Value false
    Type BOOLEAN
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • always-refresh-token Refresh token on every single web request
    • Attribute Value
    Default Value false
    Type BOOLEAN
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • auth-server-url Base URL of the Realm Auth Server
    • Attribute Value
    Type STRING
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • autodetect-bearer-only autodetect bearer-only requests
    • Attribute Value
    Default Value false
    Type BOOLEAN
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • client-key-password Password for the client key. This is required if client-keystore has been specified.
    • Attribute Value
    Type STRING
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • client-keystore Path to the client keystore to be used when communicating with the OpenID provider over HTTPS. This is optional.
    • Attribute Value
    Type STRING
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • client-keystore-password Password for the client keystore. This is required if client-keystore has been specified.
    • Attribute Value
    Type STRING
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • confidential-port Specify the confidential port (SSL/TLS) used by the Realm Auth Server
    • Attribute Value
    Default Value 8443
    Type INT
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • connection-pool-size Connection pool size for the client used by the adapter
    • Attribute Value
    Type INT
    Nillable true
    Expressions Allowed true
    Min 0
    Max 2,147,483,647
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • connection-timeout-millis Timeout for establishing the connection with the remote host in milliseconds
    • Attribute Value
    Type LONG
    Nillable true
    Expressions Allowed true
    Min -1
    Max 2,147,483,647
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • connection-ttl-millis Connection time to live in milliseconds
    • Attribute Value
    Type LONG
    Nillable true
    Expressions Allowed true
    Min -1
    Max 2,147,483,647
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • cors-allowed-headers CORS allowed headers
    • Attribute Value
    Type STRING
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • cors-allowed-methods CORS allowed methods
    • Attribute Value
    Type STRING
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • cors-exposed-headers CORS exposed headers
    • Attribute Value
    Type STRING
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • cors-max-age CORS max-age header
    • Attribute Value
    Type INT
    Nillable true
    Expressions Allowed true
    Min -1
    Max 2,147,483,647
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • disable-trust-manager Adapter will not use a trust manager when making adapter HTTPS requests
    • Attribute Value
    Default Value false
    Type BOOLEAN
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • enable-cors Enable Keycloak CORS support
    • Attribute Value
    Default Value false
    Type BOOLEAN
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • expose-token Enable secure URL that exposes access token
    • Attribute Value
    Default Value false
    Type BOOLEAN
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • ignore-oauth-query-parameter disable query parameter parsing for access_token
    • Attribute Value
    Default Value false
    Type BOOLEAN
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • principal-attribute Indicates which claim value from the ID token to use as the principal for the identity
    • Attribute Value
    Type STRING
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • provider-url The provider URL
    • Attribute Value
    Type STRING
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • proxy-url The URL for the HTTP proxy if one is used.
    • Attribute Value
    Type STRING
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • realm-public-key Public key of the realm
    • Attribute Value
    Type STRING
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • register-node-at-startup Cluster setting
    • Attribute Value
    Default Value false
    Type BOOLEAN
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • register-node-period how often to re-register node
    • Attribute Value
    Type INT
    Nillable true
    Expressions Allowed true
    Min -1
    Max 2,147,483,647
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • socket-timeout-millis Timeout for socket waiting for data in milliseconds
    • Attribute Value
    Type LONG
    Nillable true
    Expressions Allowed true
    Min -1
    Max 2,147,483,647
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • ssl-required Whether communication with the OpenID provider should be over HTTPS. Valid values are: "all" - to always require HTTPS, "external" - to only require HTTPS for external requests, "none" - if HTTPS is not required. The default value is "external". This should be set to "all" in production environments.
    • Attribute Value
    Default Value external
    Type STRING
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
    Allowed Values external
    all
    none
  • token-signature-algorithm The token signature algorithm used by the OpenID provider
    • Attribute Value
    Default Value RS256
    Type STRING
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • token-store cookie or session storage for auth session data
    • Attribute Value
    Type STRING
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • truststore Truststore used for adapter client HTTPS requests
    • Attribute Value
    Type STRING
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • truststore-password Password of the Truststore
    • Attribute Value
    Type STRING
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services
  • verify-token-audience If true, then during bearer-only authentication, the adapter will verify if token contains this client name (resource) as an audience
    • Attribute Value
    Default Value false
    Type BOOLEAN
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required no-services

Operations (2)

  • add Add a realm definition to the subsystem
    Request Parameter Type Required Expressions Allowed Default value Description
    allow-any-hostname BOOLEAN false true false If true, hostname verification will be skipped when communicating with the OpenID provider over HTTPS. The default value is false. This can be useful in testing environments. This should never be set to true in production environments.
    always-refresh-token BOOLEAN false true false Refresh token on every single web request
    auth-server-url STRING false true Base URL of the Realm Auth Server
    autodetect-bearer-only BOOLEAN false true false autodetect bearer-only requests
    client-key-password STRING false true Password for the client key. This is required if client-keystore has been specified.
    client-keystore STRING false true Path to the client keystore to be used when communicating with the OpenID provider over HTTPS. This is optional.
    client-keystore-password STRING false true Password for the client keystore. This is required if client-keystore has been specified.
    confidential-port INT false true 8443 Specify the confidential port (SSL/TLS) used by the Realm Auth Server
    connection-pool-size INT false true Connection pool size for the client used by the adapter
    connection-timeout-millis LONG false true Timeout for establishing the connection with the remote host in milliseconds
    connection-ttl-millis LONG false true Connection time to live in milliseconds
    cors-allowed-headers STRING false true CORS allowed headers
    cors-allowed-methods STRING false true CORS allowed methods
    cors-exposed-headers STRING false true CORS exposed headers
    cors-max-age INT false true CORS max-age header
    disable-trust-manager BOOLEAN false true false Adapter will not use a trust manager when making adapter HTTPS requests
    enable-cors BOOLEAN false true false Enable Keycloak CORS support
    expose-token BOOLEAN false true false Enable secure URL that exposes access token
    ignore-oauth-query-parameter BOOLEAN false true false disable query parameter parsing for access_token
    principal-attribute STRING false true Indicates which claim value from the ID token to use as the principal for the identity
    provider-url STRING false true The provider URL
    proxy-url STRING false true The URL for the HTTP proxy if one is used.
    realm-public-key STRING false true Public key of the realm
    register-node-at-startup BOOLEAN false true false Cluster setting
    register-node-period INT false true how often to re-register node
    socket-timeout-millis LONG false true Timeout for socket waiting for data in milliseconds
    ssl-required STRING false true external Whether communication with the OpenID provider should be over HTTPS. Valid values are: "all" - to always require HTTPS, "external" - to only require HTTPS for external requests, "none" - if HTTPS is not required. The default value is "external". This should be set to "all" in production environments.
    token-signature-algorithm STRING false true RS256 The token signature algorithm used by the OpenID provider
    token-store STRING false true cookie or session storage for auth session data
    truststore STRING false true Truststore used for adapter client HTTPS requests
    truststore-password STRING false true Password of the Truststore
    verify-token-audience BOOLEAN false true false If true, then during bearer-only authentication, the adapter will verify if token contains this client name (resource) as an audience
  • remove Remove a realm from the subsystem