bcgov / ocp-sso

BCGov Single Sign-On KeyCloak
http://oidc.gov.bc.ca/
Apache License 2.0

Make SSO Technical Architecture Searchable in DevHub #135

Closed mitovskaol closed 2 years ago

mitovskaol commented 3 years ago

The report produced by RedHat as part of BCGov's SSO health check includes a nice representation of the KeyCloak architecture and design. Being able to access the KeyCloak tech doc would be helpful for the teams that are looking to integrate with KeyCloak as well as for Ministry IMBs that seek to understand the KeyCloak security and configuration details. I suggest that we extract this information from the report and convert it into a markdown file that can be accessed by product teams in DevHub.

Definition of done: The technical details are extracted from the report and converted into a markdown file in the ocp-sso repo, and the markdown file is searchable in DevHub.

patricksimonian commented 3 years ago

Instead of having two copies of these details, why don't we just upload the report to Documize and make it available publicly?

mitovskaol commented 3 years ago

@patricksimonian The full report may include information about the vulnerabilities that are currently present in our KeyCloak implementation; it would not be a good security practice to publish them into a public space. Therefore, my suggestion was to only re-use the technical architecture documentation part of the repo for publishing in DevHub. Ping me in RC if you want to discuss it further.

zsamji commented 2 years ago

Closing this as we are going to address this in November 2021.