Red Hat Security Advisory 2016-2945-01 – Red Hat Single Sign-On 7.0 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This asynchronous patch is a security update for Red Hat Single Sign-On 7.0. Security Fix: It was found that Keycloak did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user’s session. This could lead to information disclosure, or permit further possible attacks.