[keycloak-user] Alternative client-cert authentication
Nikola Malenic
nikola.malenic at netsetglobal.rs
Tue Jul 24 09:22:09 EDT 2018
I am configuring browser flow and would like to provide users with
certificates with capability to login immediately.
Users which don't have (send) certificate should be able to login with
username+password (form would be presented to them).
I configured two ALTERNATIVE subflows inside browser flow. First subflow has
X509/Validate Username Form execution as ALTERNATIVE and second flow has
Username Password Form as REQUIRED.
The problem is that when I access admin console I am not shown form to enter
username and password since I didn't send certificate. I get this error:
"Invalid username or password.".
It seems that the second flow is automatically executed, but since I didn't
send username and password it finishes unsuccessfully.
Do you have any idea how to configure this.
Many thanks,
Nikola
More information about the keycloak-user
mailing list