keycloak-scim/topics/threat/open-redirect.adoc
Bruno Oliveira 50406712fd Small fixes
* keycloak by Keycloak
* uri by URI
* oAuth by OAuth
* saml by SAML
* oidc by OIDC
* infinispan by Infinispan
* uri vs URI
2016-06-01 11:29:43 -03:00


=== Open redirectors
An attacker could use the end-user authorization endpoint and the redirect URI parameter to abuse the authorization server as an open redirector.
An open redirector is an endpoint using a parameter to automatically redirect a user agent to the location specified by the parameter value without any validation.
An attacker could utilize a user's trust in an authorization server to launch a phishing attack.
{{book.project.name}} requires that all registered applications and clients register at least one redirection URI pattern.
Any time a client asks {{book.project.name}} to perform a redirect (on login or logout, for example), {{book.project.name}} checks the requested redirect URI against the list of valid registered URI patterns.
It is important that clients and applications register as specific a URI pattern as possible to mitigate open redirector attacks.
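The check described above, as an added example that is not Keycloak's own code: a small redirect-URI validator with assumed matching semantics (exact match, or prefix match for a pattern ending in `*`), plus an audit helper that flags registrations too broad to mitigate the open-redirector problem. The client IDs, patterns and URIs are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed sample client registrations (not real Keycloak configuration).
REGISTERED_REDIRECT_PATTERNS = {
    "billing-app": ["https://billing.example.com/callback"],   # exact URI
    "legacy-app": ["https://legacy.example.com/app/*"],         # wildcard confined to a path
    "sloppy-app": ["*"],                                        # matches anything
    "host-wildcard-app": ["https://portal.example.com*"],       # wildcard right after the host
}


def matches_pattern(redirect_uri, pattern):
    """Match one redirect URI against one registered pattern.

    Assumed semantics for this example (an illustration, not Keycloak's own
    implementation): a bare '*' matches everything, a pattern ending in '*'
    is a prefix match on the text before the '*', and any other pattern
    must match exactly. Exact matching is the most restrictive option.
    """
    if pattern == "*":
        return True
    if pattern.endswith("*"):
        return redirect_uri.startswith(pattern[:-1])
    return redirect_uri == pattern


def is_valid_redirect(client_id, redirect_uri):
    """Decide whether the authorization server may redirect to redirect_uri
    on behalf of client_id. Unknown clients, relative URIs and URIs carrying
    a fragment are rejected before any pattern is consulted."""
    parts = urlsplit(redirect_uri)
    if not parts.scheme or not parts.netloc:
        return False  # must be an absolute URI
    if parts.fragment:
        return False  # RFC 6749 section 3.1.2 forbids fragments in redirect URIs
    patterns = REGISTERED_REDIRECT_PATTERNS.get(client_id, [])
    return any(matches_pattern(redirect_uri, p) for p in patterns)


def audit_patterns(patterns):
    """Flag registered patterns that would let the server redirect to a host
    the client does not own: a bare '*', or a wildcard that is not confined
    to the path (the prefix could then be extended with extra host labels)."""
    findings = []
    for p in patterns:
        if p == "*":
            findings.append("%r: matches every URI, the endpoint becomes an open redirector" % p)
            continue
        if p.endswith("*"):
            prefix = p[:-1]
            if not urlsplit(prefix).path:  # nothing after the host before the '*'
                findings.append("%r: wildcard not confined to a path, prefix can be extended to another host" % p)
    return findings


if __name__ == "__main__":
    for client, patterns in REGISTERED_REDIRECT_PATTERNS.items():
        for finding in audit_patterns(patterns):
            print(client, "->", finding)
    print(is_valid_redirect("legacy-app", "https://legacy.example.com/app/return"))
```

The audit is the practical takeaway: a pattern whose `*` follows the host directly still passes a prefix match for a longer host name, so the wildcard should only ever appear in the path part, and an exact URI should be registered wherever the client can support it.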