request
request_uri
Stability | preview |
autodetect-bearer-only Whether to auto-detect SOAP or REST clients based on headers like 'X-Requested-With', 'SOAPAction' or 'Accept'. If set to 'true', the subsystem sends an HTTP 401 status code to unauthenticated SOAP or REST clients instead of redirecting them to the OpenID provider login page. Set the value to 'true' if your application serves both applications and web services. Attribute | Value |
Default Value | false |
Type | BOOLEAN |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
client-key-password The password for the client key. This is required if 'client-keystore' has been specified. Attribute | Value |
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
client-keystore The path to the client keystore to use when communicating with the OpenID provider over HTTPS. This is optional. Attribute | Value |
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
client-keystore-password The password for the client keystore. This is required if 'client-keystore' has been specified. Attribute | Value |
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
confidential-port The confidential port used by the OpenID provider when communicating securely over SSL/TLS. Attribute | Value |
Default Value | 8443 |
Type | INT |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
connection-pool-size The connection pool size to use when communicating with the OpenID provider. Attribute | Value |
Type | INT |
Nillable | true |
Expressions Allowed | true |
Min | 0 |
Max | 2,147,483,647 |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
connection-timeout-millis The timeout for establishing a connection with the remote host in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined. Attribute | Value |
Type | LONG |
Nillable | true |
Expressions Allowed | true |
Min | -1 |
Max | 2,147,483,647 |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
connection-ttl-millis The amount of time in milliseconds for the connection to be kept alive. A value less than or equal to zero is interpreted as an infinite value. Attribute | Value |
Type | LONG |
Nillable | true |
Expressions Allowed | true |
Min | -1 |
Max | 2,147,483,647 |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-allowed-methods If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Methods' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses. Attribute | Value |
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Expose-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-max-age If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Max-Age' header. If not set, this header is not returned in CORS responses. Attribute | Value |
Type | INT |
Nillable | true |
Expressions Allowed | true |
Min | -1 |
Max | 2,147,483,647 |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
disable-trust-manager Whether or not to make use of a trust manager when communicating with the OpenID provider over HTTPS. This is optional. This should be set to 'true' only during development and never in production as it disables verification of SSL certificates. Attribute | Value |
Default Value | false |
Type | BOOLEAN |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
enable-cors Enable the Keycloak Cross-Origin Resource Sharing (CORS) support. This is optional. This is Keycloak-specific. Attribute | Value |
Default Value | false |
Type | BOOLEAN |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
expose-token If set to 'true', an authenticated browser client can obtain the signed access token (through a JavaScript HTTP invocation) via the URL 'root/k_query_bearer_token'. This is optional. Attribute | Value |
Default Value | false |
Type | BOOLEAN |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
ignore-oauth-query-parameter Disable query parameter parsing for the 'access_token'. Users will not be able to authenticate if they only pass in an 'access_token'. Attribute | Value |
Default Value | false |
Type | BOOLEAN |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
principal-attribute Indicates which value from the ID token to use as the principal for the identity. The principal defaults to the value of the 'sub' if the token attribute is null. Attribute | Value |
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
provider-url The OpenID provider URL. Attribute | Value |
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
proxy-url The URL for the HTTP proxy if one is used. Attribute | Value |
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
realm-public-key The public key of the OpenID provider in PEM format. This is optional. It is not recommended to set it. If the public key is not set, the subsystem downloads the public key from the OpenID provider when needed. If the public key is set, the subsystem never downloads new keys from the OpenID provider, breaking the subsystem when the OpenID provider rotates its keys. Attribute | Value |
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
register-node-at-startup If set to 'true', the subsystem sends a registration request to the OpenID provider. This attribute is useful only when your application is clustered. Attribute | Value |
Default Value | false |
Type | BOOLEAN |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
register-node-period If 'register-node-at-startup' is set to 'true', this specifies the frequency (in seconds) at which the node should be re-registered. Attribute | Value |
Type | INT |
Nillable | true |
Expressions Allowed | true |
Min | -1 |
Max | 2,147,483,647 |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
🅿 request-object-encryption-alg-value The encryption algorithm used to encrypt the request object. Attribute | Value |
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | preview |
🅿 request-object-encryption-enc-value The content encryption algorithm used to encrypt the request object. Attribute | Value |
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | preview |
🅿 request-object-signing-algorithm The algorithm used to sign the request object. The default value for this attribute is "none". Attribute | Value |
Default Value | none |
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | preview |
🅿 request-object-signing-key-alias The key alias when a key pair is used to sign request objects. Attribute | Value |
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | preview |
🅿 request-object-signing-key-password The key password when a key pair is used to sign request objects. Attribute | Value |
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | preview |
🅿 request-object-signing-keystore-file The path to the keystore to use when signing a request object. This is required if an asymmetric signing algorithm for request object is indicated. Attribute | Value |
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | preview |
🅿 request-object-signing-keystore-password The keystore password when a key pair is used to sign request objects. Attribute | Value |
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | preview |
🅿 request-object-signing-keystore-type The keystore type used to specify the client key pair used to sign request objects. Attribute | Value |
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | preview |
socket-timeout-millis The timeout for the socket waiting for data after establishing the connection in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined. Attribute | Value |
Type | LONG |
Nillable | true |
Expressions Allowed | true |
Min | -1 |
Max | 2,147,483,647 |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
ssl-required Whether the communication with the OpenID provider should be over HTTPS. Valid values are: 'all' - to always require HTTPS, 'external' - to only require HTTPS for external requests, 'none' - if HTTPS is not required. This should be set to 'all' in production environments. Attribute | Value |
Default Value | external |
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Allowed Values | ALL EXTERNAL NONE |
Stability | default |
token-signature-algorithm The token signature algorithm used by the OpenID provider. Attribute | Value |
Default Value | RS256 |
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
token-store Defines whether to store account information in an HTTP session or in a cookie. Attribute | Value |
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
truststore The path to the truststore to use when communicating with Keycloak over HTTPS. Prefix the path with 'classpath:' to obtain the truststore from the deployment's classpath. Attribute | Value |
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
truststore-password The password for the truststore. Attribute | Value |
Type | STRING |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |
verify-token-audience If set to 'true', then during bearer-only authentication, the subsystem verifies if the token contains the client name defined as an audience. It is recommended to set the value to 'true' for improved security. Attribute | Value |
Default Value | false |
Type | BOOLEAN |
Nillable | true |
Expressions Allowed | true |
Storage | configuration |
Access Type | read-write |
Restart Required | no-services |
Stability | default |