I think the closest people have come to what you describe are things like
FreeOTP or the RSA Firewall fobs. These provide one way passwords that
are based on "what you know" and do not require transmitting a permanent
password over cleartext.
Hope this helps!
On Tue, Mar 7, 2017 at 6:05 PM, Bill Burke <bburke(a)redhat.com> wrote:
What does that even mean? Keycloak's SSL mode can forbid non-SSL
connections. FYI, OIDC requires SSL.
On 3/7/17 4:22 PM, Peter K. Boucher wrote:
> Suppose you don't want your passwords transmitted in the clear after SSL is
> terminated by a proxy.
>
> Has anyone developed a secure way for the client to prove they have the
> password, rather than transmitting it in the body of a post?
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev