Description
The lack of a rate limit on CIMD-triggering /auth requests leads to resource exhaustion in Keycloak.
Keycloak does not implement its own rate limit feature. Instead, it relies on other entities such as a WAF.
However, Keycloak does not mention this point in any guide or document.
Therefore, it is valuable to describe this point in an appropriate document.
Value Proposition
With this documentation, Keycloak users can recognize the need for a rate limit on CIMD-triggering /auth requests and find out how to enforce it by using other entities such as a WAF. It can make Keycloak with CIMD more secure.
Goals
- Find an appropriate document
- Add the necessity of enforcing a rate limit on CIMD-triggering /auth requests
Non-Goals
Keycloak itself implementing a rate limit feature.
Discussion
No response
Notes
No response