Keycloak OpenID .well-known/ endpoints security issue
I use Keycloak with OpenID and I am wondering how to disable or remove well-known endpoints like:
...well-known/openid-configuration
...well-known/uma2-configuration
and
...protocol/openid-connect/certs
The mentioned endpoints are available, which is not good in terms of security in my system.
Clients and APIs usually need to be able to access these endpoints to, for example, configure themselves and also to download the public signing keys.
They don't contain any private information, and even companies like Google expose their own document here: https://accounts.google.com/.well-known/openid-configuration
So, I wouldn't worry about that.
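
The claim that the key endpoint publishes only public material can be checked mechanically. The following is an added example, not part of the original answer or of Keycloak: it audits a JWKS document (the format served at .../protocol/openid-connect/certs) for the private JWK members defined in RFC 7518 and RFC 8037. The function name `audit_jwks` and both sample documents are constructed for illustration.

```python
import json

# Members that carry private or secret key material, per key type
# (RFC 7518 sections 6.2.2, 6.3.2, 6.4 and RFC 8037 for OKP).
PRIVATE_MEMBERS = {
    "RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
    "EC": {"d"},
    "OKP": {"d"},
    "oct": {"k"},  # a symmetric key is secret in its entirety
}


def audit_jwks(jwks_text):
    """Return (kid, problem) findings; an empty list means public-only keys."""
    findings = []
    for key in json.loads(jwks_text).get("keys", []):
        kid = key.get("kid", "<no kid>")
        kty = key.get("kty")
        if kty not in PRIVATE_MEMBERS:
            findings.append((kid, f"unknown kty {kty!r}, review manually"))
            continue
        leaked = sorted(PRIVATE_MEMBERS[kty].intersection(key))
        if leaked:
            findings.append((kid, "private members present: " + ", ".join(leaked)))
    return findings


# Constructed sample: what a correctly published signing key looks like.
GOOD_JWKS = json.dumps({"keys": [
    {"kid": "sig-1", "kty": "RSA", "alg": "RS256", "use": "sig",
     "n": "constructed-modulus", "e": "AQAB"},
]})

# Constructed sample: a misconfigured document that would be a real problem.
BAD_JWKS = json.dumps({"keys": [
    {"kid": "sig-1", "kty": "RSA", "alg": "RS256", "use": "sig",
     "n": "constructed-modulus", "e": "AQAB", "d": "constructed-private-exponent"},
    {"kid": "hmac-1", "kty": "oct", "alg": "HS256", "k": "constructed-secret"},
]})

if __name__ == "__main__":
    for name, doc in (("good", GOOD_JWKS), ("bad", BAD_JWKS)):
        print(name, audit_jwks(doc) or "public-only")
```

To run it against a real deployment, save the response body of the certs endpoint to a file and pass its contents to `audit_jwks`.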