[keycloak-dev] Configurable cookie names

Stian Thorgersen sthorger at redhat.com
Mon Oct 3 23:25:39 EDT 2016 

Me neither. KC URL scheme is so distinct that there's no problem figuring
out that it's Keycloak under the hood. This is just adding another thing to
test and document, which isn't required and probably only very few would
use.

On 3 October 2016 at 17:51, Bill Burke <bburke at redhat.com> wrote:

> I really don't see the benefit to this.  Somebody could easily figure
> out that its Keycloak just by the URL scheme.
>
>
> On 10/3/16 9:05 AM, Martin Hardselius wrote:
> > It's certainly not needed, more of a nice-to-have that came up during
> > discussions about our deployment. As for #2, it might be more of a
> > security-by-obscurity thing. Wanting to make it a bit harder to figure
> out
> > what kind of stack you are running seems like a legitimate wish.
> >
> > On Mon, 3 Oct 2016 at 13:29 Stian Thorgersen <sthorger at redhat.com>
> wrote:
> >
> >> Not sure I see the need for this. What "product branding" are you
> >> referring to? Not sure about #2 either. Are you talking from a security
> >> perspective?
> >>
> >> On 30 September 2016 at 14:07, Martin Hardselius <
> >> martin.hardselius at gmail.com> wrote:
> >>
> >> What are your thoughts on configurable cookie names (or other visible
> >> references to Keycloak)? I.e a way to override e.g "KEYCLOAK_SESSION"
> with
> >> "MYCOMPANY_SESSION". The use case being
> >>
> >> 1. Product branding
> >> 2. Making it harder to figure out exactly which technology that's used
> >> behind the scenes
> >>
> >> Regards,
> >> Martin
> >>
> >> _______________________________________________
> >> keycloak-dev mailing list
> >> keycloak-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>
> >>
> >>
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>

More information about the keycloak-dev mailing list