Hi,
Has anyone else faced a similar issue, and/or managed to resolve something similar?
Kind Regards,
Chirag Unnadkat
Business Analyst
Cerillion plc
E. chirag.unnadkat(a)cerillion.com
T. 0207 9276029
W. www.cerillion.com
Addr. 25 Bedford Street, London, WC2E 9ES, UK
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org>
On Behalf Of Chirag Unnadkat
Sent: 28 May 2019 16:03
To: keycloak-user(a)lists.jboss.org
Subject: Caution -Identified as Possible Scam - [keycloak-user] X509 Direct Grant with
client certificate
Hi,
Is it possible to pass the same client certificate in a token request with different login
credentials?
My current setup doesn't seem to allow this and I can't find any documentation
saying this is not possible
I have configured an X509 Direct grant flow using X509/Validate Username(X.509 Config)
This is configured to take the Subjects Common Name, with the attribute "NAME"
I have configured a trust store with 1 certificate (want to share this across users) When
I add the Subject Common Name to user 1's attribute, they then require the key pair to
generate a token, however once I share the same attribute details to user 2, both user 1
and 2 stop working. Maybe I am missing some configuration that will allow my users to
share the same certificate
I ideally do not want to have one certificate per user as this will get out of hand to
manage, as the population of the realm increases
Kind Regards,
Chirag Unnadkat
Business Analyst
Cerillion plc
E. chirag.unnadkat@cerillion.com<mailto:chirag.unnadkat@cerillion.com>
T. 0207 9276029
W.
https://clicktime.symantec.com/3Dkjz73Ak7RQtTbSctftLHd6H2?u=www.cerillion...
Addr. 25 Bedford Street, London, WC2E 9ES, UK
________________________________
Cerillion Technologies Limited is a limited liability company registered in England No.
3849601 with Registered Office at 25 Bedford Street, London WC2E 9ES. VAT registration No.
743 8054 29. Website
https://clicktime.symantec.com/3Dkjz73Ak7RQtTbSctftLHd6H2?u=www.cerillion...
This email and any attachments with it are intended for the addressee only. It is
confidential and may be the subject of legal and/or professional privilege. If you have
received this email in error please notify the sender, destroy any copies and delete from
your computer systems as any use, disclosure, dissemination, forwarding, printing or
copying is strictly prohibited. The content may be personal or contain personal opinions
and cannot be taken as an expression of Cerillion's position. Internet communications
cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept
liability for any errors or omissions.
Cerillion reserves the right to monitor all incoming and outgoing mail. Whilst every care
has been taken to check this outgoing email for viruses, it is your responsibility to
carry out any checks upon receipt.
________________________________
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://clicktime.symantec.com/3R2MaYpXaCBqfdVw3He1gdp6H2?u=https%3A%2F%2...