[keycloak-user] Need info for network security

Pakira, Ranjan ranjan.pakira at capgemini.com
Tue Jul 31 09:34:39 EDT 2018


Hi,

Thanks for your input.

Could you please help to share how the stored user data is secured? Is any hashing mechanism used?

Thanks in advance!

Regards,
Ranjan

-----Original Message-----
From: Dmitry Telegin [mailto:dt at acutus.pro] 
Sent: Tuesday, July 31, 2018 7:32 AM
To: Pakira, Ranjan; 'keycloak-user at lists.jboss.org'
Cc: Hammarberg, Daniel; Sanyal, Sabyasachi
Subject: Re: [keycloak-user] Need info for network security

Hi Ranjan,

On Mon, 2018-07-30 at 08:00 +0000, Pakira, Ranjan wrote:
> Hi,
> We are planning to set up Keycloak in a new network, and the network security team needs some information. Can you please help us with the answers to the following queries?
> 
> How is this user data secured at rest and in transit?

It is recommended that the data in transit be protected with SSL/TLS.
It can be configured either in Keycloak or (preferably) on the reverse proxy / load balancer side.

OpenID Connect and REST services use JSON message format. No additional protection is involved aside from SSL/TLS.

SAML protocol can use additional message-level security, like encrypted/signed assertions.

> How is in control of Keyclock? and do you have the correct process around access, Starters movers leavers etc?

If you meant "who is in control of Keycloak", it is developed by Red Hat with contributions from the community. I'd suggest that you contact Red Hat directly re the process.

Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

> 
> Thanks & Regards,
> Ranjan Pakira
> 


