Keycloak OpenID .well-known/ endpoints security issue

security oauth openid keycloak endpoint

I use Keycloak with OpenID and I am wondering how to disable or remove well-known endpoints like: ...well-known/openid-configuration ...well-known/uma2-configuration and ...protocol/openid-connect/certs

mentioned endpoints are available which is not good in terms of security in my system


Clients and API usually needs to be able to access these endpoints to for example configure them selves and also to download the public signing keys.

They don't contain any private information and even companies like Google exposes their own document here https://accounts.google.com/.well-known/openid-configuration

So, I wouldn't be to worry about that.

Related

What are the differences between the git and git-core packages?
How do I set up an email server?
How to disable autorefresh in snap
Why isn't .profile sourced when opening a terminal?
What is the difference between update-grub and update-grub2?
/var/lib/apt/lists is huge
How is /etc/motd updated?
How to interpret output of "free -m" command?
Create the home directory while creating a user [duplicate]
How can I convert an ogv file to mp4?
Chrome/Chromium middle mouse button for scroll Linux, Mac
How to change the title of the current terminal tab using only the command line [duplicate]