Thanks for your input.
Could you please help to share how the stored user data is secured, is any hashing
Thanks in advance!
From: Dmitry Telegin [mailto:firstname.lastname@example.org]
Sent: Tuesday, July 31, 2018 7:32 AM
To: Pakira, Ranjan; 'keycloak-user(a)lists.jboss.org'
Cc: Hammarberg, Daniel; Sanyal, Sabyasachi
Subject: Re: [keycloak-user] Need info for network security
On Mon, 2018-07-30 at 08:00 +0000, Pakira, Ranjan wrote:
We are planning to setup Keycloak in new Network and network security team need some
information. Can you please help us with the answer of the following queries?
How is this user data secured in rest and in transit?
It is recommended that the data in transit be protected with SSL/TLS.
It can be configured either in Keycloak or (preferably) on the reverse proxy / load
OpenID Connect and REST services use JSON message format. No additional protection is
involved aside from SSL/TLS.
SAML protocol can use additional message-level security, like encrypted/signed
How is in control of Keyclock? and do you have the correct process
around access, Starters movers leavers etc?
If you meant "who is in control of Keycloak", it is developed by Red Hat with
contributions from the community. I'd suggest that you contact Red Hat directly re the
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
Thanks & Regards,
This message contains information that may be privileged or confidential and is the
property of the Capgemini Group. It is intended only for the person to whom it is
addressed. If you are not the intended recipient, you are not authorized to read, print,
retain, copy, disseminate, distribute, or use this message or any part thereof. If you
receive this message in error, please notify the sender immediately and delete all copies
of this message.
keycloak-user mailing list