3 a.m.
Hi,
We are planning to setup Keycloak in new Network and network security team need some
information. Can you please help us with the answer of the following queries?
How is this user data secured in rest and in transit?
How is in control of Keyclock? and do you have the correct process around access, Starters
movers leavers etc?
Thanks & Regards,
Ranjan Pakira
This message contains information that may be privileged or confidential and is the
property of the Capgemini Group. It is intended only for the person to whom it is
addressed. If you are not the intended recipient, you are not authorized to read, print,
retain, copy, disseminate, distribute, or use this message or any part thereof. If you
receive this message in error, please notify the sender immediately and delete all copies
of this message.
9:01 p.m.
Hi Ranjan,
On Mon, 2018-07-30 at 08:00 +0000, Pakira, Ranjan wrote:
Hi,
We are planning to setup Keycloak in new Network and network security team need some
information. Can you please help us with the answer of the following queries?
How is this user data secured in rest and in transit?
It is recommended that the data in transit be protected with SSL/TLS.
It can be configured either in Keycloak or (preferably) on the reverse
proxy / load balancer side.
OpenID Connect and REST services use JSON message format. No additional protection is
involved aside from SSL/TLS.
SAML protocol can use additional message-level security, like encrypted/signed
assertions.
How is in control of Keyclock? and do you have the correct process
around access, Starters movers leavers etc?
If you meant "who is in control of Keycloak", it is developed by Red Hat with
contributions from the community. I'd suggest that you contact Red Hat directly re the
process.
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
Thanks & Regards,
Ranjan Pakira
This message contains information that may be privileged or confidential and is the
property of the Capgemini Group. It is intended only for the person to whom it is
addressed. If you are not the intended recipient, you are not authorized to read, print,
retain, copy, disseminate, distribute, or use this message or any part thereof. If you
receive this message in error, please notify the sender immediately and delete all copies
of this message.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
8:34 a.m.
Hi,
Thanks for your input.
Could you please help to share how the stored user data is secured, is any hashing
mechanism used?
Thanks in advance!
Regards,
Ranjan
-----Original Message-----
From: Dmitry Telegin [mailto:dt@acutus.pro]
Sent: Tuesday, July 31, 2018 7:32 AM
To: Pakira, Ranjan; 'keycloak-user(a)lists.jboss.org'
Cc: Hammarberg, Daniel; Sanyal, Sabyasachi
Subject: Re: [keycloak-user] Need info for network security
Hi Ranjan,
On Mon, 2018-07-30 at 08:00 +0000, Pakira, Ranjan wrote:
Hi,
We are planning to setup Keycloak in new Network and network security team need some
information. Can you please help us with the answer of the following queries?
How is this user data secured in rest and in transit?
It is recommended that the data in transit be protected with SSL/TLS.
It can be configured either in Keycloak or (preferably) on the reverse proxy / load
balancer side.
OpenID Connect and REST services use JSON message format. No additional protection is
involved aside from SSL/TLS.
SAML protocol can use additional message-level security, like encrypted/signed
assertions.
How is in control of Keyclock? and do you have the correct process
around access, Starters movers leavers etc?
If you meant "who is in control of Keycloak", it is developed by Red Hat with
contributions from the community. I'd suggest that you contact Red Hat directly re the
process.
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
Thanks & Regards,
Ranjan Pakira
This message contains information that may be privileged or confidential and is the
property of the Capgemini Group. It is intended only for the person to whom it is
addressed. If you are not the intended recipient, you are not authorized to read, print,
retain, copy, disseminate, distribute, or use this message or any part thereof. If you
receive this message in error, please notify the sender immediately and delete all copies
of this message.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3:21 a.m.
On Tue, 2018-07-31 at 13:34 +0000, Pakira, Ranjan wrote:
Hi,
Thanks for your input.
Could you please help to share how the stored user data is secured, is any hashing
mechanism used?
By default, Keycloak stores password hashes using PBKDF2 algorithm:
https://en.wikipedia.org/wiki/PBKDF2
The algorithms are pluggable, and can be added by imlementing PasswordHashProvider.
Dmitry
Thanks in advance!
Regards,
Ranjan
-----Original Message-----
> From: Dmitry Telegin [mailto:dt@acutus.pro]
Sent: Tuesday, July 31, 2018 7:32 AM
> To: Pakira, Ranjan; 'keycloak-user(a)lists.jboss.org'
Cc: Hammarberg, Daniel; Sanyal, Sabyasachi
Subject: Re: [keycloak-user] Need info for network security
Hi Ranjan,
On Mon, 2018-07-30 at 08:00 +0000, Pakira, Ranjan wrote:
> Hi,
> We are planning to setup Keycloak in new Network and network security team need some
information. Can you please help us with the answer of the following queries?
>
> How is this user data secured in rest and in transit?
It is recommended that the data in transit be protected with SSL/TLS.
It can be configured either in Keycloak or (preferably) on the reverse proxy / load
balancer side.
OpenID Connect and REST services use JSON message format. No additional protection is
involved aside from SSL/TLS.
SAML protocol can use additional message-level security, like encrypted/signed
assertions.
> How is in control of Keyclock? and do you have the correct process around access,
Starters movers leavers etc?
If you meant "who is in control of Keycloak", it is developed by Red Hat with
contributions from the community. I'd suggest that you contact Red Hat directly re the
process.
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
>
> Thanks & Regards,
> Ranjan Pakira
>
> This message contains information that may be privileged or confidential and is the
property of the Capgemini Group. It is intended only for the person to whom it is
addressed. If you are not the intended recipient, you are not authorized to read, print,
retain, copy, disseminate, distribute, or use this message or any part thereof. If you
receive this message in error, please notify the sender immediately and delete all copies
of this message.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
3:27 a.m.
Hi Dmitry,
Thanks for your help!
Kind Regards,
Ranjan
-----Original Message-----
From: Dmitry Telegin [mailto:dt@acutus.pro]
Sent: Wednesday, August 01, 2018 1:52 PM
To: Pakira, Ranjan; 'keycloak-user(a)lists.jboss.org'
Cc: Hammarberg, Daniel; Sanyal, Sabyasachi
Subject: Re: [keycloak-user] Need info for network security
On Tue, 2018-07-31 at 13:34 +0000, Pakira, Ranjan wrote:
Hi,
Thanks for your input.
Could you please help to share how the stored user data is secured, is any hashing
mechanism used?
By default, Keycloak stores password hashes using PBKDF2 algorithm:
https://en.wikipedia.org/wiki/PBKDF2
The algorithms are pluggable, and can be added by imlementing PasswordHashProvider.
Dmitry
Thanks in advance!
Regards,
Ranjan
-----Original Message-----
> From: Dmitry Telegin [mailto:dt@acutus.pro]
Sent: Tuesday, July 31, 2018 7:32 AM
> To: Pakira, Ranjan; 'keycloak-user(a)lists.jboss.org'
Cc: Hammarberg, Daniel; Sanyal, Sabyasachi
Subject: Re: [keycloak-user] Need info for network security
Hi Ranjan,
On Mon, 2018-07-30 at 08:00 +0000, Pakira, Ranjan wrote:
> Hi,
> We are planning to setup Keycloak in new Network and network security team need some
information. Can you please help us with the answer of the following queries?
>
> How is this user data secured in rest and in transit?
It is recommended that the data in transit be protected with SSL/TLS.
It can be configured either in Keycloak or (preferably) on the reverse proxy / load
balancer side.
OpenID Connect and REST services use JSON message format. No additional protection is
involved aside from SSL/TLS.
SAML protocol can use additional message-level security, like encrypted/signed
assertions.
> How is in control of Keyclock? and do you have the correct process around access,
Starters movers leavers etc?
If you meant "who is in control of Keycloak", it is developed by Red Hat with
contributions from the community. I'd suggest that you contact Red Hat directly re the
process.
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
>
> Thanks & Regards,
> Ranjan Pakira
>
> This message contains information that may be privileged or confidential and is the
property of the Capgemini Group. It is intended only for the person to whom it is
addressed. If you are not the intended recipient, you are not authorized to read, print,
retain, copy, disseminate, distribute, or use this message or any part thereof. If you
receive this message in error, please notify the sender immediately and delete all copies
of this message.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
2334
days inactive
2336
days old
4 comments
2 participants
participants (2)
-
Dmitry Telegin -
Pakira, Ranjan