Wildfly SSO auth - Multi Factor Authentication


rinilnath r

Dec 16, 2021, 11:33:08 AM
to WildFly
Hi,

We are implementing MFA using JBoss EAP and the WildFly adapter to implement SSO with Keycloak.

Aim:
1. To secure direct access to code (WSDL files) if an intruder tries to hit the direct web service URL with no auth or an empty security token.

Currently:
1. We have implemented Keycloak in JBoss with the settings mentioned in the Keycloak documentation.
2. But the Keycloak authentication is not validating empty tokens; it allows access to the WSDL. Not as expected.
3. When we give the no-auth option, it still allows access to the WSDL, revealing the WSDL. Not sure how it should work; are we able to disable this no-auth type?
4. When we give a valid token, it allows access as expected.
5. When we give an invalid token, it fails saying 404, unauthorized error, as expected.

Can you please share some tips to overcome this failure in authentication?

rinilnath r

Dec 17, 2021, 10:01:02 PM
to WildFly
Hi,

Can anyone please help?

Diana Krepinska

Jan 10, 2022, 12:31:56 PM
to WildFly
Hello, what does your server configuration look like? Did you put any security constraints on the endpoints?
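
The kind of security constraint the last reply asks about, shown as an added example that is not taken from the thread or from the poster's configuration. A servlet container only requires authentication for URLs covered by an `auth-constraint`, so a request with no token reaches an uncovered WSDL URL unchallenged. Assumptions: the web services are deployed in a WAR, the Keycloak adapter is enabled through `web.xml`, and the role name `ws-user` and the realm name are placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                             http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

    <!-- Constructed example: cover every URL of the WAR, including the
         service address and its ?wsdl view. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>web-services</web-resource-name>
            <url-pattern>/*</url-pattern>
            <!-- No <http-method> elements on purpose: the constraint then
                 applies to GET (how the WSDL is fetched) as well as POST.
                 Listing only POST would leave the WSDL readable. -->
        </web-resource-collection>
        <auth-constraint>
            <!-- Placeholder role; it must exist in the Keycloak realm or
                 client and be mapped to the caller's token. -->
            <role-name>ws-user</role-name>
        </auth-constraint>
        <user-data-constraint>
            <!-- Bearer tokens must not travel over plain HTTP. -->
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <login-config>
        <!-- Hands authentication for this deployment to the Keycloak adapter. -->
        <auth-method>KEYCLOAK</auth-method>
        <realm-name>placeholder-realm</realm-name>
    </login-config>

    <security-role>
        <role-name>ws-user</role-name>
    </security-role>
</web-app>
```

After redeploying, a request for the WSDL URL with no `Authorization` header, and one with an empty bearer token, should both be rejected rather than returning the WSDL.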