[keycloak-user] Managing the attack surface of Keycloak

Thomas Darimont thomas.darimont at googlemail.com
Fri Jun 3 09:48:11 EDT 2016


Hello John,

have a look at: Guidelines for protecting Keycloak Endpoints
http://lists.jboss.org/pipermail/keycloak-user/2016-March/005525.html

Cheers,
Thomas

2016-06-03 15:27 GMT+02:00 John D. Ament <john.d.ament at gmail.com>:

> Hey,
>
> So, a very high level question, and any insight you guys may have would
> help.
>
> We're looking to potentially deploy keycloak as a part of a public cloud
> application to support authentication to our applications based on security
> settings our tenants may use, which may include talking back to their
> internal LDAPs, our LDAP, our database, or their hosted SAML solutions.
>
> We're not looking to expose this UI to them, so they would never need to
> login other than visiting the login page to access our applications.  Are
> there any mitigation strategies for reducing the attack surface of
> keycloak? I saw that you had brute force detection available, in addition
> to using public/private key pairs to do API authentication.  I'm wondering
> if there's any more security levels that could be leveraged? Does reducing
> the amount of API endpoints accessible publicly make sense in this
> scenario?  If so, what endpoints would need to be there to support
> authentication?
>
> John
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>