Is it possible to restrict the exposure of Keycloak’s TLS certificate revocation endpoints and other potentially sensitive API endpoints to prevent public access? If so, what are the recommended configurations or best practices to secure these endpoints without impacting system functionality?
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| Is it needed / helpful to hide specific endpoints in production? | 0 | 318 | May 17, 2021 | |
| Is it a good idea to have a unsecure client application service that exposes Keycloak URL and config to other services? | 0 | 398 | September 15, 2020 | |
| Keycloak.json public or private? | 0 | 1026 | June 26, 2020 | |
| How to set the keycloak root path to not exposed | 0 | 398 | November 4, 2022 | |
| Public API available? | 4 | 1280 | October 16, 2019 |