Fix: Add port configuration behavior warning for x509 authenticator (Product IS issue #21293)

[wso2-engineering-bot]

This PR was automatically generated by Claude AI.

• Issue: x509 Authenticator port setting overrides server port and proxyPort in URLs product-is#21293
• Type: Documentation improvement / Configuration clarification
• Summary: Adds warning about x509 authenticator port configuration behavior that overrides proxyPort settings, helping users avoid connection issues when deploying behind proxies or load balancers.

Affected Versions

This PR updates documentation for ALL affected versions:

• 6.0.0: en/identity-server/6.0.0/docs/guides/mfa/x509.md
• 6.1.0: en/identity-server/6.1.0/docs/guides/mfa/x509.md
• 7.0.0, 7.1.0, 7.2.0, next: en/includes/guides/authentication/mfa/add-x509-login.md (shared include file)

Changes Made

Added a warning section explaining that:

1. The x509 custom transport port configuration overrides the proxyPort setting in [transport.https.properties]
2. This affects all redirect URLs generated by WSO2 IS (management console, My Account, authentication endpoints)
3. Users deploying behind proxies/load balancers need to either match ports or configure firewall rules accordingly

Style Scope Verification

Microsoft Style Guidelines have been applied ONLY to the newly added warning content. No modifications were made to existing documentation content beyond adding the new warning section.

Verification

• ✅ Documentation builds successfully with mkdocs build
• ✅ Warning message displays correctly in rendered HTML
• ✅ All affected version directories updated in single PR
• ✅ No broken links or formatting issues introduced

🤖 Generated with Claude Code

Summary by CodeRabbit

Documentation

• Added guidance on X509 port configuration behavior, explaining how the transport port affects all redirect URLs (management console, My Account, authentication endpoints) and overrides proxyPort. Includes recommendations for aligning configured ports with external settings and ensuring firewall accessibility.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

---

wso2-engineering-bot seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[coderabbitai]

Walkthrough

Documentation updates across three X509 MFA configuration guides adding "Port configuration behavior" warning blocks explaining how custom transport ports override proxyPort for all redirect URLs, with minor whitespace adjustments.

Changes

Cohort / File(s)	Summary
X509 port configuration documentation en/identity-server/6.0.0/docs/guides/mfa/x509.md, en/identity-server/6.1.0/docs/guides/mfa/x509.md, en/includes/guides/authentication/mfa/add-x509-login.md	Added "Port configuration behavior" warning blocks describing how custom x509 transport port (e.g., port="8443") overrides proxyPort for all redirect URLs (management console, My Account, authentication endpoints). Includes guidance to align configured port with external port or ensure firewall accessibility. Minor whitespace adjustments around related sections.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

• These are purely documentation additions with repetitive warning blocks following identical patterns across files
• No code, logic, or functional changes; straightforward documentation updates
• Minimal risk of unintended effects

Poem

🐰 A note for the port-seekers, clear and true,
When x509 calls, override comes through—
Align your ports with the external tide,
Or firewall gates may bar your ride! 🔐

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The PR description is comprehensive and well-structured, covering purpose, affected versions, changes made, and verification. However, it does not follow the repository's required template structure with Purpose, Related PRs, Test environment, and Security checks sections.	Consider using the repository's standard PR description template with sections for Purpose, Related PRs, Test environment, and Security checks to maintain consistency with repository standards.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: adding a port configuration behavior warning for the x509 authenticator, and references the related issue.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fixing-product-is-issue-21293-1765200822

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c6c33d6 and c9d9404.

📒 Files selected for processing (3)

• en/identity-server/6.0.0/docs/guides/mfa/x509.md (1 hunks)
• en/identity-server/6.1.0/docs/guides/mfa/x509.md (1 hunks)
• en/includes/guides/authentication/mfa/add-x509-login.md (1 hunks)

🔇 Additional comments (3)

en/identity-server/6.1.0/docs/guides/mfa/x509.md (1)

175-184: Clear, actionable port configuration guidance. The warning effectively explains the port override behavior and provides practical solutions (port alignment or firewall allowances). Markdown formatting and positioning after the configuration example are appropriate.

en/includes/guides/authentication/mfa/add-x509-login.md (1)

185-194: Well-structured template for cross-version documentation. The use of {{ product_name }} variable enables this shared include to render correctly across all affected versions (7.0.0, 7.1.0, 7.2.0, next) while maintaining consistency with the version-specific updates. The warning content and formatting align with the 6.x guidance.

en/identity-server/6.0.0/docs/guides/mfa/x509.md (1)

177-186: Consistent with other version updates. The warning block is properly positioned after the expanded note section (which includes version-specific guidance on connector ordering) and uses the same clear, actionable guidance structure as the 6.1.0 update.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}