  1. Keycloak
  2. KEYCLOAK-9786

[KEYCLOAK-GATEKEEPER] token and logout endpoint are unauthenticated

    Details

    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      keycloak-gatekeeper endpoints for token and logout rely only on a properly encrypted cookie and not on the actual state defined in the cookie.

      It is therefore possible to read old cookies, provided the encryption key has not been refreshed by the server.
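
The check the description says is missing, as an added example (not keycloak-gatekeeper's code): a handler that decrypts the cookie and then also validates the state inside it. The AES-GCM framing, the JSON `session` payload, treating the "state" as an expiry time, and all names here are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// session is a constructed stand-in for the state carried inside the cookie.
type session struct {
	Sub string
	Exp int64 // expiry, Unix seconds
}

// Constructed all-zero demo key; a 32-byte key never fails AES-GCM setup.
var block, _ = aes.NewCipher(make([]byte, 32))
var aead, _ = cipher.NewGCM(block)

// seal returns nonce||ciphertext, the opaque value a browser would hold.
func seal(s session) []byte {
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce) // crypto/rand
	plain, _ := json.Marshal(s)
	return aead.Seal(nonce, nonce, plain, nil)
}

// authorize decrypts the cookie, then also checks the state (expiry) inside it.
func authorize(cookie []byte, now time.Time) (s session, err error) {
	n := aead.NonceSize()
	if len(cookie) < n {
		return s, errors.New("cookie too short")
	}
	plain, err := aead.Open(nil, cookie[:n], cookie[n:], nil)
	if err == nil {
		err = json.Unmarshal(plain, &s)
	}
	if err == nil && now.Unix() >= s.Exp {
		s, err = session{}, errors.New("session expired")
	}
	return s, err
}

func main() {
	old := seal(session{"alice", time.Now().Add(-time.Hour).Unix()})
	fmt.Println(authorize(old, time.Now()))
}
```

The old cookie still decrypts because the key is unchanged; it is rejected only because the state inside it is checked.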

              People

              • Assignee:
                Unassigned
                Reporter:
                fredbi Frédéric BIDON
