RH-SSO hardening - Protecting the passwords used by RH-SSO (database, keystore, truststore, LDAP provider, SMTP mail, external OIDC IdP)?

Solution Verified - Updated

Issue

How can the passwords provided in the RH-SSO configuration be protected, given that the configuration file stores them in plain text?

This applies to the following credentials:

  • database password
  • keystore and truststore passwords
  • LDAP bind credential
  • SMTP mail password
  • external OIDC identity provider client secret

Environment

  • Red Hat Single Sign-On (RH-SSO)
    • 7.4+
  • RH-SSO server configuration passwords for:
    • RH-SSO database
    • RH-SSO keystore
    • RH-SSO truststore
  • RH-SSO realm credentials for:
    • SMTP password
    • LDAP bind credential
    • OIDC identity provider secret (client secret)
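Before changing any of these settings it helps to know exactly where the literal values sit. The scanner below is an example added to this article; it is not Red Hat's code and does not implement the solution. It assumes the usual layout: the database, keystore and truststore passwords appear in standalone.xml as a `password` element or as `keystore-password`, `key-password` or `clear-text` attributes, while the SMTP password, LDAP `bindCredential` and OIDC `clientSecret` appear in a realm export JSON. Any value written as a `${...}` expression is assumed to have been externalised to a vault or credential store and is not reported. Both sample inputs are constructed for the example.

```python
"""Locate RH-SSO secrets that are still stored in plain text.

Added example for this article; it is not Red Hat's code. Assumptions: server
secrets (datasource, keystore, truststore) sit in standalone.xml as the
<password> element or keystore-password / key-password / clear-text attributes;
realm secrets (SMTP password, LDAP bindCredential, OIDC clientSecret) appear in
a realm export JSON; any value written as a ${...} expression has been
externalised to a vault or credential store and is not reported.
Both sample inputs below are constructed for the example.
"""
import json
import re
import xml.etree.ElementTree as ET

# Attribute / element / JSON key names that carry a secret value.
SECRET_KEYS = {"password", "keystore-password", "key-password", "clear-text",
               "bindCredential", "clientSecret"}
# A ${...} expression means the real value lives in a vault or credential store.
EXPRESSION = re.compile(r"^\$\{.+\}$")


def is_plaintext(value):
    """True when the value is a literal secret rather than a ${...} reference."""
    return bool(value) and not EXPRESSION.match(value.strip())


def scan_xml(xml_text):
    """Return [(location, value)] for plain-text secrets in a standalone.xml body."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]          # drop the XML namespace prefix
        for attr, val in el.attrib.items():
            if attr in SECRET_KEYS and is_plaintext(val):
                findings.append((f"{tag}@{attr}", val))
        if tag in SECRET_KEYS and el.text and is_plaintext(el.text):
            findings.append((tag, el.text.strip()))
    return findings


def scan_json(obj, path=""):
    """Return [(json.path, value)] for plain-text secrets in a realm export."""
    findings = []
    if isinstance(obj, dict):
        for key, val in obj.items():
            here = f"{path}.{key}" if path else key
            if key in SECRET_KEYS:
                # Component config values are lists of strings; others are bare strings.
                for item in (val if isinstance(val, list) else [val]):
                    if isinstance(item, str) and is_plaintext(item):
                        findings.append((here, item))
            else:
                findings.extend(scan_json(val, here))
    elif isinstance(obj, list):
        for i, item in enumerate(obj):
            findings.extend(scan_json(item, f"{path}[{i}]"))
    return findings


def scan_realm(json_text):
    """Parse a realm export and scan it."""
    return scan_json(json.loads(json_text))


# Constructed standalone.xml fragment: only the truststore password is already vaulted.
SAMPLE_XML = """<server xmlns="urn:jboss:domain:10.0">
  <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS">
    <security><user-name>keycloak</user-name><password>db-s3cret</password></security>
  </datasource>
  <security-realm name="ApplicationRealm"><server-identities><ssl>
    <keystore path="application.keystore" keystore-password="changeit" key-password="changeit"/>
  </ssl></server-identities>
  <authentication><truststore path="trust.jks" keystore-password="${VAULT::ssl::truststore::1}"/></authentication>
  </security-realm>
</server>"""

# Constructed realm export: only the OIDC client secret uses a vault expression.
SAMPLE_REALM = json.dumps({
    "realm": "demo",
    "smtpServer": {"host": "smtp.example.com", "user": "sso", "password": "mail-s3cret"},
    "identityProviders": [{"alias": "corp-oidc",
                           "config": {"clientId": "sso", "clientSecret": "${vault.corp_oidc_secret}"}}],
    "components": {"org.keycloak.storage.UserStorageProvider": [
        {"name": "ldap", "config": {"bindDn": ["cn=admin,dc=example,dc=com"],
                                    "bindCredential": ["ldap-s3cret"]}}]},
})


def report():
    """Combine both scans; each entry names where a plain-text secret sits."""
    return scan_xml(SAMPLE_XML) + scan_realm(SAMPLE_REALM)


if __name__ == "__main__":
    for location, value in report():
        print(f"plain-text secret at {location}: {value!r}")
```

Run it against a real standalone.xml and a realm export (`kc.sh export` / the admin console export) by replacing the two constructed constants; anything it lists is a credential that still needs to be moved out of the file. The `${...}` test is deliberately loose so it accepts both the server-level vault syntax and the realm vault syntax without the script having to know which one is in use.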
