Merge cc9433fbd4 into 567fe7b259

docs(faq): Discuss options for TLS between LB and kanidm
2025-04-25 11:45:39 +02:00 · 2025-03-28 22:33:16 -06:00 · 2024-04-28 22:58:00 -07:00
1 changed files with 13 additions and 0 deletions
--- a/book/src/frequently_asked_questions.md
+++ b/book/src/frequently_asked_questions.md
@ -52,6 +52,19 @@ configured.
 Similarly, WebAuthn and its various other names like Passkeys, FIDO2 or "scan the QR code to log in"
 will [only work over TLS](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API).

+There are a variety of ways that you can configure TLS between your load balancer and Kanidm.
+Ultimately, any option that maintains the confidentiality and integrity of the communication will
+suffice. Some options include, but are not limited to:
+
+- Generating a self-signed certificate
+  - Utilize certificate pinning to ensure that the load balancer only trusts connections made with
+  that particular certificate
+- Not terminating TLS / TLS passthrough / TCP proxy
+- Running your own certificate authority (CA)
+
+The "best" option for you will depend on a number of factors, including your threat model and the
+specifc load balancer you are using.
+
 ## OAuth2

 [RFC6819 - OAuth2 Threat Model and Security Considerations](https://www.rfc-editor.org/rfc/rfc6819)
Author	SHA1	Message	Date
ChanceHarrison	7fc797822f	Merge `cc9433fbd4` into `567fe7b259`	2025-03-28 22:33:16 -06:00
Chance Harrison	cc9433fbd4	docs(faq): Discuss options for TLS between LB and kanidm	2024-04-28 22:58:00 -07:00