From 1062251a159d5233a933da5e3048bddd16d6935d Mon Sep 17 00:00:00 2001 From: Alicia Sykes Date: Tue, 1 Mar 2022 14:05:01 +0000 Subject: [PATCH] =?UTF-8?q?=F0=9F=93=9D=20Adds=20link=20to=20setting=20hea?= =?UTF-8?q?ders=20for=20KC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/authentication.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/authentication.md b/docs/authentication.md index 4d64f753..99654981 100644 --- a/docs/authentication.md +++ b/docs/authentication.md @@ -161,6 +161,8 @@ sections: groups: ['ProductTeam'] ``` +Depending on how you're hosting Dashy and Keycloak, you may also need to set some HTTP headers, to prevent a CORS error. This would typically be the `Access-Control-Allow-Origin [URL-of Dashy]` on your Keycloak instance. See the [Setting Headers](https://github.com/Lissy93/dashy/blob/master/docs/management.md#setting-headers) guide in the management docs for more info. + Your app is now secured :) When you load Dashy, it will redirect to your Keycloak login page, and any user without valid credentials will be prevented from accessing your dashboard. From within the Keycloak console, you can then configure things like time-outs, password policies, etc. You can also backup your full Keycloak config, and it is recommended to do this, along with your Dashy config. You can spin up both Dashy and Keycloak simultaneously and restore both applications configs using a `docker-compose.yml` file, and this is recommended.