I have a Wildfly application using Keycloak for Single-sign-on. But I cannot find any option to configure the Wildfly adapter to use response_mode=form_post.
The response_mode=query (default) means that the session_state and code values are written in the redirected URL, both of which contain Keycloak’s AUTH_SESSION_ID. So any reverse proxy server will be able to see the AUTH_SESSION_ID, and there is therefore a risk that it can be captured by an attacker.
Does anyone know how to configure the Wildfly adapter to use response_mode=form_post, or any other way to keep the AUTH_SESSION_ID cookie value from being added to the redirect location?
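An added example, not part of the original post and not an answer about the adapter setting: a small Python check that finds the `code` and `session_state` query parameters in reverse-proxy access log lines and redacts them, which shows where response_mode=query leaves these values on an intermediary. The log lines, paths and parameter values are constructed, and the common-log-style request format is an assumption.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Authorization-response parameters that response_mode=query places in the URL.
SENSITIVE = {"code", "session_state"}

# Constructed sample access-log lines (not taken from the original post).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /app/?state=abc&session_state=1111-2222&code=aaaa.bbbb.cccc HTTP/1.1" 302 0',
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /app/index.html?lang=en HTTP/1.1" 200 512',
    # With form_post the values travel in the POST body, so the logged URL is bare.
    '10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "POST /app/ HTTP/1.1" 302 0',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def redact_target(target):
    """Return (redacted_target, names_of_redacted_params) for one request target."""
    parts = urlsplit(target)
    found, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in SENSITIVE:
            found.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    if not found:
        return target, []  # leave untouched lines byte-for-byte identical
    return urlunsplit(parts._replace(query=urlencode(pairs))), found

def scan(lines):
    """Redact every line and report which line numbers exposed which parameters."""
    cleaned, findings = [], []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            target, found = redact_target(match.group("target"))
            if found:
                findings.append((number, sorted(found)))
                line = line[:match.start("target")] + target + line[match.end("target"):]
        cleaned.append(line)
    return cleaned, findings

if __name__ == "__main__":
    cleaned, findings = scan(SAMPLE_LOG)
    print("\n".join(cleaned))
    print(findings)
```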