<div dir="ltr">By PK certificate authentication do you mean mutual SSL? If so it's on our radar, but not a high priority as we haven't had demand for it. It may take a while until we get around to it.<div><br></div><div>You may also be able to implement it yourself using a custom authenticator and a root CA certificate added to the underlying Undertow/WildFly.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 5 June 2016 at 16:31, Peter Nalyvayko <span dir="ltr"><<a href="mailto:petervn1@yahoo.com" target="_blank">petervn1@yahoo.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="color:#000;background-color:#fff;font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px"><div><span>Hi again,</span></div><div><span>Judging from the silence regarding my question about a support for PK certificate user authentication in keycloak I guess I must assume that PK certificate authentication is not supported out of the box.</span></div><div><span><br></span></div><div><span><br></span></div><div><br><br></div><div style="display:block"> <div style="font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px"> <div style="font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px"> <div dir="ltr"><font size="2" face="Arial"><b><span style="font-weight:bold">>Sent:</span></b> Wednesday, June 1, 2016 1:19 PM<br> <b><span style="font-weight:bold">>Subject:</span></b> Fw: Are there plans to implement PK Certificate user authentication?<br> </font> </div><div><div class="h5"> <div><div><div><div style="color:#000;background-color:#fff;font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px"><div><br></div><div>>Hello,<br></div><div style="display:block"><div style="font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px"><div style="font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px"><div><div><div><div style="color:#000;background-color:#fff;font-family:HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif;font-size:16px"><div>></div><div dir="ltr">>Cross-posting...We are considering using keycloak as an STS (Secure Token Service). One of the requirements is PK >certificate user authentication. It seems the only supported user authentication mechanism in keycloak is user >credentials (user name / password). Before rolling out our own implementation, I just want to make sure I am not >missing something obvious and that PK authentication is indeed not supported in keycloak yet. </div><div><div dir="ltr">>Regards,</div><div dir="ltr">>Peter</div></div></div></div></div><div><br clear="none"><br clear="none"></div></div><div> </div></div><div> </div></div><div> </div></div></div></div></div><br><br></div> </div></div></div> </div> </div></div></div><br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>