diff --git a/connections/http-client/src/main/java/org/keycloak/connections/httpclient/DefaultHttpClientFactory.java b/connections/http-client/src/main/java/org/keycloak/connections/httpclient/DefaultHttpClientFactory.java
index 2231237..703660f 100755
--- a/connections/http-client/src/main/java/org/keycloak/connections/httpclient/DefaultHttpClientFactory.java
+++ b/connections/http-client/src/main/java/org/keycloak/connections/httpclient/DefaultHttpClientFactory.java
@@ -87,25 +87,23 @@ public class DefaultHttpClientFactory implements HttpClientFactory {
@Override
public void init(Config.Scope config) {
- long socketTimeout = config.getLong("socketTimeoutMillis", -1L);
- long establishConnectionTimeout = config.getLong("establishConnectionTimeoutMillis", -1L);
- long connectionTTL = config.getLong("connectionTTLMillis", -1L);
- int maxPooledPerRoute = config.getInt("maxPooledPerRoute", 0);
- int connectionPoolSize = config.getInt("connectionPoolSize", 200);
- boolean disableTrustManager = config.getBoolean("disableTrustManager", false);
- boolean disableCookies = config.getBoolean("disableCookies", true);
- String hostnameVerificationPolicy = config.get("hostnameVerificationPolicy", "WILDCARD");
+ long socketTimeout = config.getLong("socket-timeout-millis", -1L);
+ long establishConnectionTimeout = config.getLong("establish-connection-timeout-millis", -1L);
+ int maxPooledPerRoute = config.getInt("max-pooled-per-route", 0);
+ int connectionPoolSize = config.getInt("connection-pool-size", 200);
+ boolean disableTrustManager = config.getBoolean("disable-trust-manager", false);
+ boolean disableCookies = config.getBoolean("disable-cookies", true);
+ String hostnameVerificationPolicy = config.get("hostname-verification-policy", "WILDCARD");
HttpClientBuilder.HostnameVerificationPolicy hostnamePolicy = HttpClientBuilder.HostnameVerificationPolicy.valueOf(hostnameVerificationPolicy);
String truststore = config.get("truststore");
- String truststorePassword = config.get("truststorePassword");
- String clientKeystore = config.get("clientKeyStore");
- String clientKeystorePassword = config.get("clientKeyStorePassword");
- String clientPrivateKeyPassword = config.get("clientPrivateKeyPassword");
+ String truststorePassword = config.get("truststore-password");
+ String clientKeystore = config.get("client-keystore");
+ String clientKeystorePassword = config.get("client-keystore-password");
+ String clientPrivateKeyPassword = config.get("client-key-password");
HttpClientBuilder builder = new HttpClientBuilder();
builder.socketTimeout(socketTimeout, TimeUnit.MILLISECONDS)
.establishConnectionTimeout(establishConnectionTimeout, TimeUnit.MILLISECONDS)
- .connectionTTL(connectionTTL, TimeUnit.MILLISECONDS)
.maxPooledPerRoute(maxPooledPerRoute)
.connectionPoolSize(connectionPoolSize)
.hostnameVerification(hostnamePolicy)
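Review bot: The renamed keys in `init` are read with no fallback to the old camelCase names, so an existing keycloak-server.json that sets `hostnameVerificationPolicy` to `STRICT`, or sets `truststorePassword`, is silently ignored after upgrade and the client falls back to `WILDCARD` or a null password. For the security-relevant settings I would pass the old name as the default of the new one, e.g. `String hostnameVerificationPolicy = config.get("hostname-verification-policy", config.get("hostnameVerificationPolicy", "WILDCARD"));`, or at least log a warning when a legacy key is present. The same goes for the dropped `connectionTTLMillis`, which is now ignored without notice. The body of `init` continues past the end of this hunk, so how a missing truststore password is handled is not visible here.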
diff --git a/distribution/subsystem-war/src/main/resources/META-INF/keycloak-server.json b/distribution/subsystem-war/src/main/resources/META-INF/keycloak-server.json
index 5c8c2ce..3e1896c 100755
--- a/distribution/subsystem-war/src/main/resources/META-INF/keycloak-server.json
+++ b/distribution/subsystem-war/src/main/resources/META-INF/keycloak-server.json
@@ -65,7 +65,7 @@
"connectionsHttpClient": {
"default": {
- "disableTrustManager": true
+ "disable-trust-manager": true
}
},
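Review bot: The distribution default still ships `"disable-trust-manager": true`, which according to the reference docs added in this same commit means HTTPS server certificates are not verified on outgoing requests such as backchannel logout. Since this line is being touched anyway, consider shipping `"disable-trust-manager": false` together with a `truststore` entry. If the out-of-the-box default has to stay, the server could log a warning at startup while the trust manager is disabled, so that operators do not carry it into production unnoticed.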
diff --git a/docbook/reference/en/en-US/modules/server-installation.xml b/docbook/reference/en/en-US/modules/server-installation.xml
index 5b4b043..0c419b7 100755
--- a/docbook/reference/en/en-US/modules/server-installation.xml
+++ b/docbook/reference/en/en-US/modules/server-installation.xml
@@ -395,6 +395,150 @@ All configuration options are optional. Default value for directory is <literal>
</para>
</section>
+ <section>
+ <title>Outgoing Server HTTP Requests</title>
+ <para>
+ Keycloak server needs to invoke on remote HTTP endpoints to do things like backchannel logouts and other
+ management functions. Keycloak maintains a HTTP client connection pool which has various configuration
+ settings you can specify before boot time. This is configured in the
+ <literal>standalone/configuration/keycloak-server.json</literal>.
+ By default the setting is like this:
+ <programlisting><![CDATA[
+ "connectionsHttpClient": {
+ "default": {
+ "disable-trust-manager": true
+ }
+ },
+]]></programlisting>
+ Possible configuration options are:
+ <variablelist>
+ <varlistentry>
+ <term>establish-connection-timeout-millis</term>
+ <listitem>
+ <para>
+ Timeout for establishing a socket connection.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>socket-timeout-millis</term>
+ <listitem>
+ <para>
+ If an outgoing request does not receive data for this amount of time, timeout the connection.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>connection-pool-size</term>
+ <listitem>
+ <para>
+ How many connections can be in the pool.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>max-pooled-per-route</term>
+ <listitem>
+ <para>
+ How many connections can be pooled per host.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>disable-trust-manager</term>
+ <listitem>
+ <para>
+ If true, HTTPS server certificates are not verified. If you set this to false, you must
+ configure a truststore.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>disable-cookies</term>
+ <listitem>
+ <para>
+ <literal>true</literal> by default. When set to true, this will disable any cookie
+ caching.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>hostname-verification-policy</term>
+ <listitem>
+ <para>
+ <literal>WILDCARD</literal> by default. For HTTPS requests, this verifies the hostname
+ of the server's certificate. <literal>ANY</literal> means that the hostname is not verified.
+ <literal>WILDCARD</literal> Allows wildcards in subdomain names i.e. *.foo.com.
+ <literal>STRICT</literal> CN must match hostname exactly.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>truststore</term>
+ <listitem>
+ <para>
+ The value is the file path to a Java keystore file. If
+ you prefix the path with <literal>classpath:</literal>, then the truststore will be obtained
+ from the deployment's classpath instead.
+ HTTPS
+ requests need a way to verify the host of the server they are talking to. This is
+ what the trustore does. The keystore contains one or more trusted
+ host certificates or certificate authorities.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>truststore-password</term>
+ <listitem>
+ <para>
+ Password for the truststore keystore.
+ This is
+ <emphasis>REQUIRED</emphasis>
+ if
+ <literal>truststore</literal>
+ is set.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>client-keystore</term>
+ <listitem>
+ <para>
+ This is the file path to a Java keystore file.
+ This keystore contains client certificate for two-way SSL.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>client-keystore-password</term>
+ <listitem>
+ <para>
+ Password for the client keystore.
+ This is
+ <emphasis>REQUIRED</emphasis>
+ if
+ <literal>client-keystore</literal>
+ is set.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>client-key-password</term>
+ <listitem>
+ <para>
+ <emphasis>Not supported yet, but we will support in future versions.</emphasis>
+ Password for the client's key.
+ This is
+ <emphasis>REQUIRED</emphasis>
+ if
+ <literal>client-keystore</literal>
+ is set.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </para>
+ </section>
<section id="ssl_modes">
<title>SSL/HTTPS Requirement/Modes</title>
<warning>
diff --git a/testsuite/integration/src/test/resources/META-INF/keycloak-server.json b/testsuite/integration/src/test/resources/META-INF/keycloak-server.json
index b2fc067..a3f508a 100755
--- a/testsuite/integration/src/test/resources/META-INF/keycloak-server.json
+++ b/testsuite/integration/src/test/resources/META-INF/keycloak-server.json
@@ -69,7 +69,7 @@
"connectionsHttpClient": {
"default": {
- "disableTrustManager": true
+ "disable-trust-manager": true
}
},