KEYCLOAK design weakness – Aug 2018

Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties. If you ask me what the design objective of SAML is: it makes your life simple. That is also the aim of any computer system. But every tool has two sides, and single sign-on offers benefits to the attacker as well as to the user.

Keycloak is an open source software product that provides single sign-on with identity management and access management, aimed at modern applications and services. As of March 2018 this JBoss community project is under the stewardship of Red Hat, who use it as the upstream project for their RH-SSO product. Docker has built up a great deal of momentum since 2015, and the way Docker packages open source products has carried them into the business world, especially on cloud computing platforms. So there is no lack of single sign-on there, right? From a technical point of view, taking the easy way and keeping it simple is the same instinct that underlies boolean logic.

A vulnerability has been found in Keycloak. In Keycloak 3.4.3, the certificate handling method has a design weakness: an expired certificate is still accepted, and a malicious user could use this to access unauthorized data or possibly conduct further attacks. See the URL below for reference.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894