[keycloak-dev] security headers/realm attributes

Bill Burke bburke at redhat.com
Mon Aug 11 11:19:26 EDT 2014

I'm going to add realm attributes to JPA model and move some stuff there 
(brute force settings for example)

Also, I'm going to add a new menu item "Attack Prevention"  (if you can 
think of a better name, let me know).  Under this I'll move "Brute Force 
Protection".  Eventually we'll probably put IP Filtering there.  Also, 
will add a "Security Headers".  Under this will allow you to manually 
set these headers:


By default, iframe will use a same origin policy.

Some of these headers are quite complex (Content-Security-Policy), so it 
might be easiest to just allow the user to set the header manually.

Bill Burke
JBoss, a division of Red Hat

More information about the keycloak-dev mailing list