Hi there,

Ok, the customer organisation has a corporate PKI infrastructure where instead of username/passwords users are issued certificates. These certificates are used as the credentials for logging in to web applications.

I'd like to understand what I would need to do for Keycloak to accept this certificate from the browser as a credential, instead of password or OTP. Similar to the way it can accept a Kerberos ticket?

Sincere thanks,

Jon

On 8 Sep 2016, at 07:33, Stian Thorgersen <sthorger@redhat.com> wrote:

Can you elaborate a bit on exactly what you want? "integrate our app suite with their enterprise PKI solution for IDP and SSO" is a bit vague.

On 6 September 2016 at 12:38, Jonathan Rathbone <getjonrathbone@gmail.com> wrote:

Hi there,

Hope you can help. I’ve searched the documentation, and nothing seems to jump out that clarifies this so…

I have a set of web apps and services, all secured with Keycloak using OAuth and JWT, with Single-Sign-On.

I have a potential customer who is looking for us to integrate our app suite with their enterprise PKI solution for IDP and SSO.

Is there a way that Keycloak can enable this for us, so that we can keep our app architecture isolated from the customer's specific security architecture, or will we have to produce a version of our apps and services that have a dedicated integration to the enterprise PKI solution’s services?

Sorry if this is a bit of a noob question!

sincere thanks,

Jon
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user