[keycloak-user] Integrating with enterprise PKI e.g. Entrust..

[Jonathan Rathbone]

Hi there,

Ok, the customer organisation has a corporate PKI infrastructure where instead of username/passwords users are issued certificates. These certificates are used as the credentials for logging in to web applications.

I'd like to understand what I would need to do for Keycloak to accept this certificate from the browser as a credential, instead of password or OTP. Similar to the way it can accept a Kerberos ticket?

Sincere thanks,

Jon





> On 8 Sep 2016, at 07:33, Stian Thorgersen <sthorger at redhat.com> wrote:
> 
> Can you elaborate a bit on exactly what you want? "integrate our app suite with their enterprise PKI solution for IDP and SSO" is a bit vague.
> 
>> On 6 September 2016 at 12:38, Jonathan Rathbone <getjonrathbone at gmail.com> wrote:
>> 
>> Hi there,
>> 
>> hope you can help. I’ve searched the documentation, and nothing seems to jump out that clarifies this so…
>> 
>> I have a set of web apps and services, all secured with Keycloak using OAuth and JWT, with Single-Sign-On.
>> 
>> I have a potential customer who is looking for us to integrate our app suite with their enterprise PKI solution for IDP and SSO.
>> 
>> Is there a way that Keycloak can enable this for us, so that we can keep our app architecture isolated from the customers specific security architecture, or will we have to produce a version of our apps and services that have a dedicated integration to the enterprise PKI solution’s services?
>> 
>> Sorry if this is a bit of noob question!
>> 
>> sincere thanks,
>> 
>> Jon
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160908/55d57f96/attachment-0001.html