Encrypt body payload #45349
Unanswered
DarkSil3ncer
asked this question in
Q&A
Replies: 1 comment
If you set up Keycloak with edge TLS, then the requests from the proxy to Keycloak will not be encrypted. If you require encryption between the proxy and Keycloak, you should use a reencrypt setup instead.
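The two proxy modes named in the reply above, shown as alternative `keycloak.conf` fragments. This is an added example, not part of the original discussion or the Keycloak project's own material. It assumes a Keycloak release whose Quarkus-based distribution accepts the `proxy` option (newer releases deprecate it in favour of `proxy-headers`); the hostname and certificate paths are placeholders.

```properties
# Use ONE of the two alternatives below, not both.

# --- Alternative A: edge termination ---------------------------------------
# TLS ends at the reverse proxy. The proxy forwards to Keycloak over plain
# HTTP, so the login form body (username, password) crosses the
# proxy-to-Keycloak network hop unencrypted.
proxy=edge
hostname=sso.example.test            # placeholder hostname

# --- Alternative B: re-encrypt ---------------------------------------------
# TLS ends at the reverse proxy and a second TLS session is opened from the
# proxy to Keycloak, so the proxy-to-Keycloak hop is encrypted as well.
# Keycloak needs its own certificate and key for that second session.
proxy=reencrypt
hostname=sso.example.test            # placeholder hostname
https-certificate-file=/path/to/keycloak-cert.pem      # placeholder path
https-certificate-key-file=/path/to/keycloak-key.pem   # placeholder path

# In both alternatives the proxy itself handles the decrypted request;
# only the protection of the network hop behind the proxy differs.
```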
Description
A security scan was done on the client. The security scan set up a reverse proxy and monitored traffic while the user logged in via Keycloak. It was observed that the username and password were readable via the body of the request.
Value Proposition
If there is a proxy or reverse proxy setup, this is a point of vulnerability where the request and its body will be exposed.
Goals
The body should be encoded.
Non-Goals
N/A
Discussion
No response
Notes
No response