Sebastian Schuster
Can we call this KC_AUTH_SESSION_HASH or KC_AUTH_SESSION_FINGERPRINT or something like that just to make it clear for pentesters that this is not the session cookie itself?
Thanks for noting @RafaelWO!
I think this is still valid. @douglaspalmer Can you please have a look at the linked PR?
@thomas-VIGINUM It looks like you didn't hit the correct defaults, e.g. standard flow is enabled by default.
What the documentation says is wrong because the provider is currently just using the Keycloak defaults - which have standard flow enabled. That's why the tests are failing.
@rhigdon I think if we add this, we should offer both options as mutually exclusive. If we removed the current way, we would need a state migration and also ask...
@consooo Thanks for your contribution! Your fix looks fine to me. Can you please sign off your commit so the DCO check passes? Ideally, just squash your commits and then...
Closing as duplicate, release is planned for tomorrow.
@thefinn93 Yes, today or tomorrow.
As a quick fix, we can also assume we are running against the latest Keycloak version if we cannot read version information.