What is session_code in RH-SSO and does it contain any sensitive information?
Issue
- We can see the session_code visible in RH-SSO request flow. Does session_code contain any sensitive information?
https://<SSOURL>/auth/realms/<RealmName>/broker/<IDPName>/login?session_code=xxx&client_id=<ClientID>&tab_id=xxx
Environment
- Red Hat Single Sign-On (RH-SSO)
  - 7.5.x
  - 7.6.x