[keycloak-dev] Automatic Security Advisory for Keycloak Settings

Thomas Darimont thomas.darimont at googlemail.com
Wed Apr 4 06:18:57 EDT 2018


Hello,

After upgrading Keycloak some settings are not updated and
left as is, either because they were changed by the admin
or contain the previous default value.
These settings might not match the current recommendations.

Since there is currently no automatic configuration check,
Keycloak admins potentially need to revisit every
setting after an upgrade / migration.

An example of settings that need to be upgraded regularly after
a Keycloak upgrade is the Header configuration in the Security Settings.

It would be great if Keycloak would be aware of the current
best practice recommendations for configuration settings and
would list / highlight deviations.

One way to show this to admins would be a list in a dedicated
"Security Advisory" section or as a hint on a particular setting
in the admin console.

Do you have any plans for implementing something like this?

Cheers,
Thomas
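The kind of check asked for above, as an added example that is not part of the original post or of Keycloak itself: a Python script that compares the `browserSecurityHeaders` map of an exported realm JSON against an assumed baseline of recommended values and lists each deviation as an advisory. The baseline values and the sample export are constructed for this illustration, not an official Keycloak recommendation list.

```python
"""Report Keycloak realm security headers that deviate from a baseline."""
import json

# Assumed baseline (constructed for this example): keys follow the
# "browserSecurityHeaders" map of a realm export; values are what a
# hardened deployment would typically expect.
RECOMMENDED_HEADERS = {
    "xContentTypeOptions": "nosniff",
    "xFrameOptions": "SAMEORIGIN",
    "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
    "xXSSProtection": "1; mode=block",
    "strictTransportSecurity": "max-age=31536000; includeSubDomains",
    "xRobotsTag": "none",
}

# Constructed sample of a realm export as it might look after an upgrade:
# one header kept an old empty value, one was changed by the admin
# (HSTS disabled), and one key is missing entirely.
SAMPLE_REALM_EXPORT = json.dumps({
    "realm": "example",
    "browserSecurityHeaders": {
        "xContentTypeOptions": "nosniff",
        "xFrameOptions": "",
        "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
        "xXSSProtection": "1; mode=block",
        "strictTransportSecurity": "max-age=0",
    },
})


def security_header_advisories(realm_json, baseline=RECOMMENDED_HEADERS):
    """Return (header, current, recommended) for every header that differs
    from the baseline; current is None when the key is absent from the export."""
    realm = json.loads(realm_json)
    headers = realm.get("browserSecurityHeaders", {})
    advisories = []
    for name, recommended in baseline.items():
        current = headers.get(name)
        if current != recommended:
            advisories.append((name, current, recommended))
    return advisories


if __name__ == "__main__":
    # Prints one advisory line per deviation for the sample export.
    for name, current, recommended in security_header_advisories(SAMPLE_REALM_EXPORT):
        print(f"{name}: current={current!r} recommended={recommended!r}")
```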

