Skip to content

Keycloak Realm Secret

Service Name: Keycloak

Service Description: Keycloak is an open-source Identity and Access Management (IAM) solution that provides single sign-on capabilities, identity brokering, and social login for modern applications and services. It offers user federation, strong authentication, user management, fine-grained authorization, and more.

Service Address: https://www.keycloak.org/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the realm level through network policies and client configurations.

Secret Access Scope: Grants administrative access to a specific realm within a Keycloak instance, allowing management of users, clients, roles, and authentication flows.

Secret Revokement URL: https://www.keycloak.org/docs/latest/server_admin/#_revoke_client_secrets

Secret Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJrZXljbG9hay1hZG1pbiIsImlhd CI6MTUxNjIzOTAyMn0.KZ8T9vXBpjA7jZKvADyFZQOYlJ3Hn5i9ggL1HCQmkXY

Suspicious Activity Investigation Instructions:

  • Review Keycloak server logs for unusual authentication attempts or administrative actions.
  • Check for unexpected client registrations or modifications within the realm.
  • Monitor for unusual user role assignments or permission changes.
  • Examine event logs for administrative actions performed outside normal business hours.
  • Verify if there are any unauthorized realm settings changes.

Mitigation Instructions:

  • Log in to the Keycloak Admin Console.
  • Navigate to the affected realm.
  • Go to Realm Settings > Keys.
  • Rotate the realm keys to invalidate existing tokens.
  • For client secrets, go to Clients, select the affected client, and regenerate the client secret.
  • Review and update any compromised admin account credentials.
  • Enable two-factor authentication for administrative accounts if not already enabled.
  • Consider implementing shorter token lifetimes and stricter session policies.
  • Review and restrict the IP addresses that can access the admin console.