We are implementing MFA using JBoss EAP and the WildFly adapter to implement SSO with Keycloak.
1. We want to secure direct access to the code (WSDL files) if an intruder tries to hit the web service URL directly with no auth or an empty security token.
2. We have implemented Keycloak in JBoss with the settings mentioned in the Keycloak documentation.
3. But the Keycloak authentication is not validating empty tokens; it allows access to the WSDL, which is not as expected.
4. When we give the no-auth option, it still allows access to the WSDL, revealing the WSDL. We are not sure how it should work; can we disable this no-auth type?
5. When we give a valid token, it allows access as expected.
6. When we give an invalid token, it fails with a 404, unauthorized error, as expected.
Can you please share some tips to overcome this failure in authentication?