Re: [keycloak-user] Integrating with enterprise PKI e.g. Entrust..
Hi there,
Ok, the customer organisation has a corporate PKI infrastructure where instead of
username/passwords users are issued certificates. These certificates are used as the
credentials for logging in to web applications.
I'd like to understand what I would need to do for Keycloak to accept this certificate
from the browser as a credential, instead of password or OTP. Similar to the way it can
accept a Kerberos ticket?
Sincere thanks,
Jon
On 8 Sep 2016, at 07:33, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
Can you elaborate a bit on exactly what you want? "integrate our app suite with
their enterprise PKI solution for IDP and SSO" is a bit vague.
> On 6 September 2016 at 12:38, Jonathan Rathbone <getjonrathbone(a)gmail.com>
wrote:
>
> Hi there,
>
> hope you can help. I’ve searched the documentation, and nothing seems to jump out
that clarifies this so…
>
> I have a set of web apps and services, all secured with Keycloak using OAuth and JWT,
with Single-Sign-On.
>
> I have a potential customer who is looking for us to integrate our app suite with
their enterprise PKI solution for IDP and SSO.
>
> Is there a way that Keycloak can enable this for us, so that we can keep our app
architecture isolated from the customers specific security architecture, or will we have
to produce a version of our apps and services that have a dedicated integration to the
enterprise PKI solution’s services?
>
> Sorry if this is a bit of noob question!
>
> sincere thanks,
>
> Jon
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
Attachments:
- attachment.html (text/html — 2.8 KB)