Currently, even with a custom theme, Keycloak exposes itself, e.g. when an incomplete URL is called (error page) or when landing URLs are used.
What is the best practice to avoid this? Ideally, the OAuth2 solution should not be visible to users. Is this best implemented at the infrastructure level, at the Keycloak theme level, or somewhere else?

Ice09
  • Did you set the theme at the Master Realm as well? – dreamcrash Dec 03 '20 at 19:15
  • Good hint, that would be a solution; however, I meant more to avoid exposure at all. We have now ended up doing this at the load balancer level by redirecting all non-2xx/3xx responses, but I am not sure if this is "best practice". It would be good to have a "no exposure" flag (maybe at the theme level) which would result in just returning 404 with no content (same for 5xx etc.). – Ice09 Dec 05 '20 at 08:47
  • Okay, I got your point now. Unfortunately, I do not know what the best practice is in this regard either. – dreamcrash Dec 05 '20 at 10:10
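
The load-balancer approach described in the comments, as an added example that is not part of the original thread: it assumes nginx is the load balancer, and the host name, certificate paths, upstream address and static page name are placeholders. It goes one step beyond the comment by leaving the OAuth2 token endpoint unmasked, because client applications rely on the JSON error bodies that endpoint returns with 400/401.

```nginx
# Added example, not from the thread. Assumes nginx in front of Keycloak;
# every host name, address and file path below is a placeholder.
upstream keycloak_backend {
    server 10.0.0.10:8080;              # placeholder Keycloak address
}

server {
    listen 443 ssl;
    server_name login.example.com;      # placeholder
    ssl_certificate     /etc/nginx/tls/login.crt;
    ssl_certificate_key /etc/nginx/tls/login.key;
    server_tokens off;                  # do not advertise the nginx version either

    proxy_set_header Host              $host;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Browser-facing pages: replace any upstream error with one generic 404.
    # 2xx and 3xx responses are not listed, so they pass through untouched.
    location / {
        proxy_pass http://keycloak_backend;
        proxy_intercept_errors on;
        error_page 400 401 403 404 405 500 502 503 504 =404 /generic-404.html;
    }

    # OAuth2 clients need the JSON error bodies (e.g. invalid_grant) returned
    # by the token endpoint, so upstream errors are passed through here.
    location ~ /protocol/openid-connect/token$ {
        proxy_pass http://keycloak_backend;
        proxy_intercept_errors off;
    }

    # Static replacement page without product branding; not directly requestable.
    location = /generic-404.html {
        internal;
        root /usr/share/nginx/html;
    }
}
```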

0 Answers