Keycloak Settings
Keycloak can handle identity and access management for MOPS 4.0 without needing an Internet connection. The Keycloak settings file configures this functionality.
| Format | Path | Filename | Purpose |
|---|---|---|---|
| TEXT | ./conf/keycloak/ | keycloak.conf | Keycloak settings configuration |
Configuration file example:
```properties
# Basic settings for running in production. Change accordingly before deploying the server.

# Database
# The database vendor.
db=postgres
db-username=u_keycloakdb
db-password=<password>
# The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor.
db-url=jdbc:postgresql://{{databaseServer}}:{{databasePort}}/keycloakdb
# db-url=jdbc:postgresql://mops4.0-db01:5432/keycloakdb
# The schema for the keycloak tables
db-schema=keycloak

# Observability
# If the server should expose healthcheck endpoints.
health-enabled=true
# If the server should expose metrics endpoints.
metrics-enabled=true

# HTTP
# The file path to a server certificate or certificate chain in PEM format.
# https-certificate-file=C:/mops/cert/server.crt.pem
# The file path to a private key in PEM format.
# https-certificate-key-file=C:/mops/cert/server.key.pem
# The proxy address forwarding mode if the server is behind a reverse proxy.
#proxy=reencrypt
# Do not attach route to cookies and rely on the session affinity capabilities from reverse proxy
#spi-sticky-session-encoder-infinispan-should-attach-route=false
# Hostname for the Keycloak server.
hostname=http://{{hostname}}/keycloak
# Relative path for RESOURCES. Looks like it is based purely on base URL.
http-relative-path=/keycloak
```
| Name | Type | Description |
|---|---|---|
| db | string | The database vendor to use. Default is postgres. |
| db-username | string | Username for connecting to the database. |
| db-password | string | Password for connecting to the database. |
| db-url | string | Full JDBC URL for the database. If not specified, a default URL is derived from the vendor. |
| db-schema | string | Schema in the database where Keycloak tables are stored. |
| health-enabled | boolean | Whether the server should expose health check endpoints. Defaults to true. |
| metrics-enabled | boolean | Whether the server should expose metrics endpoints. Defaults to true. |
| https-certificate-file | string | File path to the server certificate or certificate chain in PEM format. |
| https-certificate-key-file | string | File path to the private key in PEM format. |
| proxy | string | Proxy forwarding mode if behind a reverse proxy. Typical value: reencrypt. |
| spi-sticky-session-encoder-infinispan-should-attach-route | boolean | Whether to attach route to cookies. Default is false when using session affinity from proxy. |
| hostname | string | Hostname or base URL for the Keycloak server. |
| http-relative-path | string | Relative path for Keycloak resources, typically appended to the base URL. |
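
As an added example (not part of MOPS or Keycloak), the Python script below parses a keycloak.conf in the key=value format shown above and flags settings worth reviewing before deployment: leftover placeholders, a plain-http base URL, a certificate/key mismatch, and exposed health or metrics endpoints. The function names, the checks and their wording are assumptions chosen for illustration, and the sample input is constructed from this page's example.

```python
import re

# Constructed sample from this page's example; only the key file is uncommented, on purpose.
SAMPLE_CONF = """\
db-password=<password>
db-url=jdbc:postgresql://{{databaseServer}}:{{databasePort}}/keycloakdb
health-enabled=true
metrics-enabled=true
# https-certificate-file=C:/mops/cert/server.crt.pem
https-certificate-key-file=C:/mops/cert/server.key.pem
hostname=http://{{hostname}}/keycloak
"""

def parse_conf(text):
    """Parse key=value lines; comment lines ('#') and blank lines are ignored."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")  # split on the first '=' only
        settings[key.strip()] = value.strip()
    return settings

def audit_conf(text):
    """Return a sorted list of (key, finding) pairs for pre-deployment review."""
    s = parse_conf(text)
    findings = []
    for key, value in s.items():
        if re.search(r"\{\{.*?\}\}", value):
            findings.append((key, "unresolved {{...}} template placeholder"))
    if s.get("db-password", "") in ("", "<password>"):
        findings.append(("db-password", "empty or still the documentation placeholder"))
    if s.get("hostname", "").lower().startswith("http://"):
        findings.append(("hostname", "base URL uses plain http"))
    cert, cert_key = s.get("https-certificate-file"), s.get("https-certificate-key-file")
    if bool(cert) != bool(cert_key):
        findings.append(("https-certificate-file", "certificate and key must be set together"))
    elif not cert and "proxy" not in s:
        # Assumed review rule: TLS is expected either here or at a reverse proxy.
        findings.append(("https-certificate-file", "no TLS certificate and no proxy mode set"))
    for key in ("health-enabled", "metrics-enabled"):
        if s.get(key, "").lower() == "true":
            findings.append((key, "endpoint exposed; restrict access at the reverse proxy"))
    return sorted(findings)

if __name__ == "__main__":
    for key, finding in audit_conf(SAMPLE_CONF):
        print(f"{key}: {finding}")
```
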