labs / tiddlers / content / labs / 04 / _Labs_04_Protocol snooping.md

Next, we can perform some investigation of what's happening at the network level when SSO is being used. To do this, run two instances of tcpflow in separate Terminal tabs/windows, one listening on port 8081 for the Web service, and one monitoring port 8080 for the Keycloak interactions. Observe what happens in each while you are interacting with the site via your browser.

In the tcpflow output, you should be able to identify where auth and access tokens are being communicated. You can decode and view the contents of these using the https://jwt.io Web site. Try this and see how much information is contained within these tokens. Discuss the security implications of this, with respect to whether such traffic would be travelling over the broader Internet, or just within a company's IT infrastructure.

Try to figure out what's going on with the OIDC protocol (reverse-engineering), in particular examining the flow of the various tokens. What does the application need to do in order to obtain the access_token and id_token values?
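As an added illustration (not part of the lab materials), the following Python does what jwt.io does to a token you pulled out of the tcpflow capture: it splits and base64url-decodes the header and claims, lists the identity-bearing claims, and checks the signature as a separate step, which is the point to take away: every claim is readable by anyone who sees the token on the wire, whether or not the signature is valid. The sample token, key id, realm URL and shared secret are constructed here; real Keycloak tokens are RS256-signed with the realm's key, so HS256 stands in only to keep the example self-contained.

```python
import base64
import hashlib
import hmac
import json

def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding that JWTs strip off."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    """Inverse of b64url_decode: base64url without padding, as JWT segments are written."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_jwt(token: str) -> dict:
    """Split a compact JWT and decode header and claims WITHOUT checking the signature.
    This is all jwt.io does: anyone holding the token can read every claim."""
    header_b64, payload_b64, signature_b64 = token.split(".")
    return {
        "header": json.loads(b64url_decode(header_b64)),
        "claims": json.loads(b64url_decode(payload_b64)),
        "signature": b64url_decode(signature_b64),
    }

def verify_hs256(token: str, secret: bytes) -> bool:
    """Recompute the HS256 tag over 'header.payload' and compare in constant time."""
    header_b64, payload_b64, signature_b64 = token.split(".")
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(signature_b64))

def sensitive_claims(claims: dict) -> list:
    """Claims that identify a person or session and would leak if the token crossed an untrusted network."""
    watch = {"sub", "email", "preferred_username", "name", "given_name",
             "family_name", "session_state", "sid"}
    return sorted(k for k in claims if k in watch)

def make_sample_token(secret: bytes) -> str:
    """Constructed sample shaped like a Keycloak id_token; NOT captured from the lab (HS256 for self-containment)."""
    header = {"alg": "HS256", "typ": "JWT", "kid": "EXAMPLE-KEY-ID"}
    claims = {"iss": "http://localhost:8080/realms/example", "aud": "example-client",
              "sub": "f47ac10b-58cc-4372-a567-0e02b2c3d479", "typ": "ID",
              "iat": 1_700_000_000, "exp": 1_700_000_300,
              "preferred_username": "alice", "email": "alice@example.com", "email_verified": True}
    signing_input = (b64url_encode(json.dumps(header).encode()) + "."
                     + b64url_encode(json.dumps(claims).encode()))
    tag = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(tag)}"
```

Run `decode_jwt` on a token copied from the tcpflow output and compare its claims against what the browser actually needed to send; the gap between "readable" and "verified" is why these tokens must only ever travel over TLS.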