[keycloak-dev] Zero-knowledge proof of password?

Bill Burke bburke at redhat.com
Tue Mar 7 18:05:44 EST 2017


What does that even mean? Keycloak's SSL mode can forbid non-SSL
connections. FYI, OIDC requires SSL.


On 3/7/17 4:22 PM, Peter K. Boucher wrote:
> Suppose you don't want your passwords transmitted in the clear after SSL is
> terminated by a proxy.
>
> Has anyone developed a secure way for the client to prove they have the
> password, rather than transmitting it in the body of a post?
>


