Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[management] Resource oauth2 provider always trusts all certs and do not verify hosts #2584

Closed
kanischev opened this issue Sep 10, 2019 · 0 comments

Comments

@kanischev
Copy link

commented Sep 10, 2019

API resource SSL connection to oauth2 provider always trusts all certs and does not allow to verify host

Possible Solution

Add properties to plugin and make this behaviour configurable

Context

Potential security vulnerability

kanischev pushed a commit to kanischev/gravitee-resource-oauth2-provider-keycloak that referenced this issue Sep 10, 2019
…All and verifyHost) configurable via APIM-UI. Fixed NPE on incorrect response handling.
@brasseld brasseld added this to the APIM - 1.29.0 milestone Sep 10, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
API Management
Awaiting triage
2 participants
You can’t perform that action at this time.