mirror of
https://gitlab.com/alemaire/buildx.git
synced 2025-01-17 13:58:19 +00:00
25 lines
1.7 KiB
Plaintext
25 lines
1.7 KiB
Plaintext
|
embed-server --server-config=$configuration_file --std-out=discard
|
||
|
/subsystem=elytron/key-store=kcTrustStore:add(path=$keycloak_tls_truststore_file,type=JKS,credential-reference={clear-text=$keycloak_tls_truststore_password})
|
||
|
/subsystem=elytron/trust-manager=kcTrustManager:add(key-store=kcTrustStore)
|
||
|
if (outcome != success) of /subsystem=elytron/server-ssl-context=kcSSLContext:read-resource
|
||
|
# Since WF requires a Key Manager for creating /subsystem=elytron/server-ssl-context, there's nothing we can do at this point.
|
||
|
# We can not automatically generate a self-signed key (Elytron doesn't support this, see https://docs.wildfly.org/13/WildFly_Elytron_Security.html#configure-ssltls),
|
||
|
# and we don't have anything else at hand.
|
||
|
# However, there is no big harm here - the Trust Store is more needed by Keycloak Truststore SPI.
|
||
|
echo "WARNING! There is no Key Manager (No Key Store specified). Skipping HTTPS Listener configuration..."
|
||
|
else
|
||
|
# The SSL Context has been added by keystore, not much to do - just append trust store and we are done.
|
||
|
/subsystem=elytron/server-ssl-context=kcSSLContext:write-attribute(name=trust-manager, value=kcTrustManager)
|
||
|
/subsystem=elytron/server-ssl-context=kcSSLContext:write-attribute(name=want-client-auth, value=true)
|
||
|
end-if
|
||
|
|
||
|
if (outcome != success) of /subsystem=keycloak-server/spi=truststore:read-resource
|
||
|
/subsystem=keycloak-server/spi=truststore/:add
|
||
|
end-if
|
||
|
/subsystem=keycloak-server/spi=truststore/provider=file/:add(enabled=true,properties={ \
|
||
|
file => $keycloak_tls_truststore_file, \
|
||
|
password => $keycloak_tls_truststore_password, \
|
||
|
hostname-verification-policy => "WILDCARD", \
|
||
|
disabled => "false"})
|
||
|
|
||
|
stop-embedded-server
|