[keycloak-dev] Zero-knowledge proof of password?
bburke at redhat.com
Tue Mar 7 18:05:44 EST 2017
What does that even mean? Keycloak's SSL mode can forbid non SSL
connections. FYI, OIDC requires SSL.
On 3/7/17 4:22 PM, Peter K. Boucher wrote:
> Suppose you don't want your passwords transmitted in the clear after SSL is
> terminated by a proxy.
> Has anyone developed a secure way for the client to prove they have the
> password, rather than transmitting it in the body of a post?
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
More information about the keycloak-dev