added unit tests :-)
****************************************************
Event preview: Visit us…
11. Jahrestagung E-Akte | 06. + 07.11.2019 | Berlin <https://jahrestagung-eakte.de/>
Kongress e-nrw | 07.11.2019 | Düsseldorf/Neuss <https://www.e-nrw.info/>
OMNISECURE | 20.-22.01.2020 | Berlin <https://www.omnisecure.berlin/de/>
Zukunftskongress Staat & Verwaltung | 15.-17.06.2020 | Berlin <https://www.zukunftskongress.info/de/zksv/willkommen>
From: Stian Thorgersen <sthorger(a)redhat.com>
Sent: Thursday, 7 November 2019 13:56
To: Knüppel, Pascal <Pascal.Knueppel(a)governikus.de>
Cc: keycloak-dev(a)lists.jboss.org
Subject: Re: [keycloak-dev] validating client certificates on user login
Looks like a sane PR to me. Tests are missing though. If you use Time from Keycloak as I
mentioned in the PR comments you can tweak the server time in a test to be able to test
this.
On Thu, 7 Nov 2019 at 08:27, Knüppel, Pascal <Pascal.Knueppel@governikus.de> wrote:
Hi, I was told to send a mail to the developers mailing list regarding the following issue
to get more input from other developers:
https://issues.jboss.org/browse/KEYCLOAK-11818
Our problem is that users who log in with mutual client authentication via X509
certificates are still able to log in if the certificates are expired or not valid yet. I
added a pull request, which is also referenced in the issue, that adds a switch that may
be used to validate the notBefore and notAfter timestamps of X509 certificates. From our
side we would say that this is actually a security issue that should be fixed very soon.
Best regards
Pascal Knüppel
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
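
The check discussed in this thread, as an added example: it is not Keycloak's code and not taken from the pull request, and it is written in Go so that it runs stand-alone with only the standard library. It compares notBefore/notAfter against an injected clock so a test can move time, as suggested in the reply; `CheckValidity`, its `enabled` switch and `NewTestCert` are hypothetical names, and the certificate is constructed inside the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var ErrNotYetValid = errors.New("client certificate is not yet valid")
var ErrExpired = errors.New("client certificate has expired")

// CheckValidity takes "now" as a parameter instead of reading the wall clock,
// so a test can place it before, inside or after the validity window.
// enabled models the switch from the thread (hypothetical name).
func CheckValidity(cert *x509.Certificate, now time.Time, enabled bool) error {
	switch {
	case !enabled: // switch off: timestamps are ignored, expired certs pass
		return nil
	case now.Before(cert.NotBefore):
		return ErrNotYetValid
	case now.After(cert.NotAfter):
		return ErrExpired
	}
	return nil // notBefore <= now <= notAfter (both bounds inclusive)
}

// NewTestCert builds a constructed self-signed certificate for the given window.
func NewTestCert(notBefore, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notBefore,
		NotAfter: notAfter, Subject: pkix.Name{CommonName: "constructed-test-user"}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	nb := time.Date(2019, 1, 1, 0, 0, 0, 0, time.UTC)
	if cert, err := NewTestCert(nb, nb.AddDate(1, 0, 0)); err == nil {
		fmt.Println(CheckValidity(cert, nb.AddDate(2, 0, 0), true)) // clock past notAfter
	}
}
```
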