[keycloak-user] Apache X509 cert-lookup
Nalyvayko, Peter
pnalyvayko at agi.com
Fri Jun 22 21:30:12 EDT 2018
Hi Matthias,
Can you attach the x509 cert lookup SPI config?
--Peter
________________________________________
From: keycloak-user-bounces at lists.jboss.org [keycloak-user-bounces at lists.jboss.org] on behalf of Matthias ANGLADE [manglade at nextoo.fr]
Sent: Friday, June 22, 2018 4:56 AM
To: keycloak-user at lists.jboss.org
Subject: [keycloak-user] Apache X509 cert-lookup
Hello,
I'm trying to setup a client cert authentication. Since my Keycloak server
is running behind an SSL reverse proxy I modified the domain.xml file in
order to declare the Apache cert lookup SPI. I checked that the certificate
was properly embedded in the HTTP header still, I can't get to authenticate
using this approach. In the log file I see no line related to this
authentication (I should be able to see log coming from
AbstractClientCertificateFromHttpHeadersLookup.
It behaves just as if the SPI wasn't active.
Note that even if my proxy isn't an Apache server, the certificate it emits
is formatted like for Apache.
Any clue on this ?
Regards,
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list