[keycloak-dev] usability vs. security
bburke at redhat.com
Mon Oct 7 10:14:20 EDT 2013
I'd like to have it that when an application is created in the admin
console, the admin can view the exact configuration files needed to
install in their application to enable security.

Unfortunately, this would involve populating application credentials in
the config file, which would require exposing the application credentials
through a REST interface, albeit a secure REST interface.

Do you think it is such a big security hole to allow for this? I've
been trying to keep the mantra to not expose credentials anywhere if
possible, yet this is a very nice security usability feature. We could
even have it that an application password, totp, and/or cert is auto
JBoss, a division of Red Hat