OpenAM / OPENAM-11663

RFE for OpenAM: Strengthening the OAuth2 Client Secret Encryption Mechanism

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: oauth2

      Description

      The key for encrypting OAuth2 client secrets lives in the same DIT as the secrets it en/decrypts. While one might discount this concern in an on-premise deployment context, it is hard to do so in the cloud.

      The concern is that the colocation of key and encrypted material makes it easy to defeat.

      For OAuth2 secrets (only), we want to replace this general SMS mechanism with something akin to AWS KMS data keys.

            People

            Assignee: Unassigned
            Reporter: Robert Matthews (robert.matthews)
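
The data-key pattern the description refers to, as an added sketch that is not OpenAM code and not part of the ticket: each client secret is encrypted under its own data key, and only a wrapped copy of that data key is stored beside the ciphertext. The class and method names are hypothetical, and the in-memory `kek` is an assumption standing in for a key held outside the DIT (KMS, HSM or keystore). Requires Java 16+ for `record`.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.*;

public class EnvelopeSketch {
    // What would be written to the client's directory entry: no usable key material.
    record StoredSecret(byte[] wrappedDataKey, byte[] iv, byte[] ciphertext) {}
    static final SecureRandom RNG = new SecureRandom();

    static SecretKey newAesKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256, RNG);
        return kg.generateKey();
    }
    // kek stands in for a key held outside the DIT (hypothetical wiring).
    static StoredSecret protect(SecretKey kek, String clientId, String secret) throws Exception {
        SecretKey dataKey = newAesKey();                 // fresh data key per secret
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, dataKey, new GCMParameterSpec(128, iv));
        gcm.updateAAD(clientId.getBytes(StandardCharsets.UTF_8)); // bind to this client entry
        byte[] ct = gcm.doFinal(secret.getBytes(StandardCharsets.UTF_8));
        Cipher wrap = Cipher.getInstance("AESWrap");     // RFC 3394 key wrap
        wrap.init(Cipher.WRAP_MODE, kek);
        return new StoredSecret(wrap.wrap(dataKey), iv, ct);
    }

    static String reveal(SecretKey kek, String clientId, StoredSecret s) throws Exception {
        Cipher unwrap = Cipher.getInstance("AESWrap");
        unwrap.init(Cipher.UNWRAP_MODE, kek);
        SecretKey dataKey = (SecretKey) unwrap.unwrap(s.wrappedDataKey(), "AES", Cipher.SECRET_KEY);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.DECRYPT_MODE, dataKey, new GCMParameterSpec(128, s.iv()));
        gcm.updateAAD(clientId.getBytes(StandardCharsets.UTF_8));
        return new String(gcm.doFinal(s.ciphertext()), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        SecretKey kek = newAesKey();                     // constructed stand-in for the external key
        StoredSecret stored = protect(kek, "demo-client", "s3cr3t-constructed");
        System.out.println(reveal(kek, "demo-client", stored));
        try { // the stored record plus some other key does not yield the secret
            reveal(newAesKey(), "demo-client", stored);
        } catch (GeneralSecurityException e) {
            System.out.println("unwrap rejected without the external key");
        }
    }
}
```

In a real deployment the wrap and unwrap steps would be calls to the external key service, so the key-encrypting key never enters the directory or the OpenAM process configuration.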