Attribute | Value |
---|---|
Type | INT |
Nillable | true |
Expressions Allowed | true |
Min | -1 |
Max | 2,147,483,647 |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |

Attribute | Value |
---|---|
Default Value | RS256 |
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |

Attribute | Value |
---|---|
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |

Attribute | Value |
---|---|
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |

Attribute | Value |
---|---|
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |

Attribute | Value |
---|---|
Default Value | false |
Type | BOOLEAN |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |

Attribute | Value |
---|---|
Default Value | false |
Type | BOOLEAN |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |

Attribute | Value |
---|---|
Default Value | false |
Type | BOOLEAN |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |

Request Parameter | Type | Required | Expressions Allowed | Default value | Description |
---|---|---|---|---|---|
adapter-state-cookie-path | STRING | false | true | | If set, defines the path used in cookies set by the adapter. Useful when deploying the application in the root context path. |
allow-any-hostname | BOOLEAN | false | true | false | If true, hostname verification will be skipped when communicating with the OpenID provider over HTTPS. The default value is false. This can be useful in testing environments. This should never be set to true in production environments. |
always-refresh-token | BOOLEAN | false | true | false | Refresh token on every single web request |
auth-server-url | STRING | false | true | | Base URL of the Realm Auth Server |
autodetect-bearer-only | BOOLEAN | false | true | false | Autodetect bearer-only requests |
bearer-only | BOOLEAN | false | true | false | Bearer Token Auth only |
client-id | STRING | false | true | | Client ID |
client-key-password | STRING | false | true | | Password for the client key. This is required if client-keystore has been specified. |
client-keystore | STRING | false | true | | Path to the client keystore to be used when communicating with the OpenID provider over HTTPS. This is optional. |
client-keystore-password | STRING | false | true | | Password for the client keystore. This is required if client-keystore has been specified. |
confidential-port | INT | false | true | 8443 | Specify the confidential port (SSL/TLS) used by the Realm Auth Server |
connection-pool-size | INT | false | true | | Connection pool size for the client used by the adapter |
connection-timeout-millis | LONG | false | true | | Timeout for establishing the connection with the remote host in milliseconds |
connection-ttl-millis | LONG | false | true | | Connection time to live in milliseconds |
cors-allowed-headers | STRING | false | true | | CORS allowed headers |
cors-allowed-methods | STRING | false | true | | CORS allowed methods |
cors-exposed-headers | STRING | false | true | | CORS exposed headers |
cors-max-age | INT | false | true | | CORS max-age header |
credential | OBJECT | false | false | | Credential used to communicate with the OpenID Connect provider |
disable-trust-manager | BOOLEAN | false | true | false | Adapter will not use a trust manager when making adapter HTTPS requests |
enable-basic-auth | BOOLEAN | false | true | false | Enable Basic Authentication |
enable-cors | BOOLEAN | false | true | false | Enable Keycloak CORS support |
expose-token | BOOLEAN | false | true | false | Enable secure URL that exposes access token |
ignore-oauth-query-parameter | BOOLEAN | false | true | false | Disable query parameter parsing for access_token |
min-time-between-jwks-requests | INT | false | true | | If the adapter recognizes a token signed by an unknown public key, it will try to download a new public key from the elytron-oidc-client server. However, it won't try to download one if it has already tried within the last 'min-time-between-jwks-requests' seconds. |
principal-attribute | STRING | false | true | | Indicates which claim value from the ID token to use as the principal for the identity |
provider | STRING | false | true | | OpenID provider |
provider-url | STRING | false | true | | The provider URL |
proxy-url | STRING | false | true | | The URL for the HTTP proxy if one is used. |
public-client | BOOLEAN | false | true | false | Public client |
public-key-cache-ttl | INT | false | true | | Maximum time the downloaded public keys are considered valid. When this time is reached, the adapter is forced to download public keys from the elytron-oidc-client server. |
realm | STRING | false | true | | Keycloak realm |
realm-public-key | STRING | false | true | | Public key of the realm |
redirect-rewrite-rule | OBJECT | false | false | | Apply a rewrite rule for the redirect URI |
register-node-at-startup | BOOLEAN | false | true | false | Cluster setting |
register-node-period | INT | false | true | | How often to re-register node |
resource | STRING | false | true | | Application name |
socket-timeout-millis | LONG | false | true | | Timeout for socket waiting for data in milliseconds |
ssl-required | STRING | false | true | external | Whether communication with the OpenID provider should be over HTTPS. Valid values are: "all" - to always require HTTPS, "external" - to only require HTTPS for external requests, "none" - if HTTPS is not required. The default value is "external". This should be set to "all" in production environments. |
token-minimum-time-to-live | INT | false | true | | The adapter will refresh the token if the current token is expired OR will expire in 'token-minimum-time-to-live' seconds or less |
token-signature-algorithm | STRING | false | true | RS256 | The token signature algorithm used by the OpenID provider |
token-store | STRING | false | true | | Cookie or session storage for auth session data |
truststore | STRING | false | true | | Truststore used for adapter client HTTPS requests |
truststore-password | STRING | false | true | | Password of the Truststore |
turn-off-change-session-id-on-login | BOOLEAN | false | true | false | The session id is changed by default on a successful login. Change this to true if you want to turn this off |
use-resource-role-mappings | BOOLEAN | false | true | false | Use resource level permissions from token |
verify-token-audience | BOOLEAN | false | true | false | If true, then during bearer-only authentication, the adapter will verify if token contains this client name (resource) as an audience |