First time using keycloak

Hi, my company is planning on implementing Keycloak with OIDC for its SSO implementation.
I’ve been trying to research the security risks that come with Keycloak but haven’t been able to find concrete documentation regarding a threat model, similar to the one for OAuth.
I wanted to know if there are resources which we can refer to for studying the various security risks that I need to be aware of as we integrate Keycloak in our product.

Thank you

Were you looking for something like this?

https://www.keycloak.org/docs/latest/server_admin/index.html#threat-model-mitigation

1 Like