[keycloak-dev] Configurable cookie names

Bill Burke bburke at redhat.com
Mon Oct 3 11:51:27 EDT 2016


I really don't see the benefit to this.  Somebody could easily figure 
out that its Keycloak just by the URL scheme.


On 10/3/16 9:05 AM, Martin Hardselius wrote:
> It's certainly not needed, more of a nice-to-have that came up during
> discussions about our deployment. As for #2, it might be more of a
> security-by-obscurity thing. Wanting to make it a bit harder to figure out
> what kind of stack you are running seems like a legitimate wish.
>
> On Mon, 3 Oct 2016 at 13:29 Stian Thorgersen <sthorger at redhat.com> wrote:
>
>> Not sure I see the need for this. What "product branding" are you
>> referring to? Not sure about #2 either. Are you talking from a security
>> perspective?
>>
>> On 30 September 2016 at 14:07, Martin Hardselius <
>> martin.hardselius at gmail.com> wrote:
>>
>> What are your thoughts on configurable cookie names (or other visible
>> references to Keycloak)? I.e a way to override e.g "KEYCLOAK_SESSION" with
>> "MYCOMPANY_SESSION". The use case being
>>
>> 1. Product branding
>> 2. Making it harder to figure out exactly which technology that's used
>> behind the scenes
>>
>> Regards,
>> Martin
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>>
>>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev



More information about the keycloak-dev mailing list