[keycloak-user] Securing keycloak
GARDAIS Ionel
ionel.gardais at tech-advantage.com
Fri Sep 21 08:14:34 EDT 2018
Thanks.
I had hard time figuring how IPv6 matching was done but it's OK now.
(for the record, it looks like all fields of an IPv6 address must be listed : '2001:db8:0:0:0:0:0:0/32 allow' is OK but not '2001:db8::/32 allow')
--
Ionel GARDAIS
Tech'Advantage CIO - IT Team manager
De: "Sebastian Laskawiec" <slaskawi at redhat.com>
À: "Ionel GARDAIS" <ionel.gardais at tech-advantage.com>
Cc: "keycloak-user" <keycloak-user at lists.jboss.org>
Envoyé: Lundi 17 Septembre 2018 09:15:31
Objet: Re: [keycloak-user] Securing keycloak
This documentation piece should do exactly what you want: [ https://www.keycloak.org/docs/latest/server_admin/index.html#ip-restriction | https://www.keycloak.org/docs/latest/server_admin/index.html#ip-restriction ]
On Sun, Sep 16, 2018 at 10:25 AM GARDAIS Ionel < [ mailto:ionel.gardais at tech-advantage.com | ionel.gardais at tech-advantage.com ] > wrote:
Hi list,
Beside /auth/admin, are there any other URI that should be secured/restricted to limit attack surface for a public facing keycloak ?
By the way, could it be useful to add a dedicated configuration entry directly inside keycloak to restrict IPs allowed to make to low-level actions ?
Thanks,
Ionel
--
232 avenue Napoleon BONAPARTE 92500 RUEIL MALMAISON
Capital EUR 219 300,00 - RCS Nanterre B 408 832 301 - TVA FR 09 408 832 301_______________________________________________
keycloak-user mailing list
[ mailto:keycloak-user at lists.jboss.org | keycloak-user at lists.jboss.org ]
[ https://lists.jboss.org/mailman/listinfo/keycloak-user | https://lists.jboss.org/mailman/listinfo/keycloak-user ]
--
232 avenue Napoleon BONAPARTE 92500 RUEIL MALMAISON
Capital EUR 219 300,00 - RCS Nanterre B 408 832 301 - TVA FR 09 408 832 301
More information about the keycloak-user
mailing list