Merge pull request #195 from InfoSec812/Issue-193_-_add-option-for-hostname-strict-https

Added hostname-strict-https option
2026-03-26 21:33:03 +00:00 · 2024-04-19 16:05:46 +02:00
parent b978e8bb88 16accd5e30
commit 82498ab3f5
2 changed files with 13 additions and 0 deletions
--- a/roles/keycloak_quarkus/meta/argument_specs.yml
+++ b/roles/keycloak_quarkus/meta/argument_specs.yml
@@ -338,6 +338,12 @@ argument_specs:
                description: >
                  If the route should be attached to cookies to reflect the node that owns a particular session. If false, route is not attached to cookies
                  and we rely on the session affinity capabilities from reverse proxy
+            keycloak_quarkus_hostname_strict_https:
+                type: "bool"
+                required: false
+                description: >
+                  By default, Keycloak requires running using TLS/HTTPS. If the service MUST run without TLS/HTTPS, then set
+                  this option to "true"
            keycloak_quarkus_ks_vault_enabled:
                default: false
                type: "bool"
--- a/roles/keycloak_quarkus/templates/keycloak.conf.j2
+++ b/roles/keycloak_quarkus/templates/keycloak.conf.j2
@@ -10,6 +10,13 @@ db-password={{ keycloak_quarkus_db_pass }}
 {% endif %}
 {% endif %}

+{% if keycloak_quarkus_hostname_strict_https is defined and keycloak_quarkus_hostname_strict_https is sameas true -%}
+hostname-strict-https=true
+{% endif -%}
+{% if keycloak_quarkus_hostname_strict_https is defined and keycloak_quarkus_hostname_strict_https is sameas false -%}
+hostname-strict-https=false
+{% endif -%}
+
 {% if keycloak.config_key_store_enabled %}
 # Config store
 config-keystore={{ keycloak_quarkus_config_key_store_file }}