Configuring Trusted Proxy Servers

If you are running applications behind one or more proxy servers then you may find it useful to configure Crowd to trust the proxies' addresses. When a proxy server forwards an HTTP request, Crowd will recognize the request as coming from the request's originator, not from the proxy server. This is particularly useful if you want single sign-on amongst several applications running behind different proxy servers.

Configuring a trusted proxy server means that Crowd will iterate through client IP address and IP addresses in the X-Forwarded-For header from right to left and pick the first IP address that is not a trusted proxy. The address is then used as the client's IP address.

To configure Crowd to trust a proxy server,

  1. Log in to the Crowd Administration Console.
  2. In the top navigation bar, click > Trusted proxy servers.
  3. Type the IP address or the host name of the proxy server. Possible values are:
    • A full IP address, e.g. 192.168.10.12 (IPv4) or 2001:db8:85a3:0:0:8a2e:370:7334 (IPv6).
    • An IPv4 subnet using wildcard notation, e.g. 192.168.*.*.
    • An IPv4 or IPv6 subnet, using CIDR notation, e.g. 192.168.10.1/16 (IPv4) or 2001:db8:85a3::/64 (IPv6). For more information, see the introduction to CIDR notation on Wikipedia and RFC 4632.
    • A host name, e.g. proxy.example.org. All IP addresses bound to the given host name will be trusted.
      (info) Using host names will cause DNS requests to be sent, which might affect Crowd performance.
  4. Click Add.
Last modified on Sep 29, 2023

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.