I deployed a simple web app in WildFly whose standalone.xml points to the
security-admin-console client, but when it tries to authenticate with keycloak, it keeps
trying to redirect back to localhost even though the Valid Redirect URI points to
/auth/admin/my-realm/console/*. It's only happy when the Valid Redirect URI points
back to the app. Am I missing something? I'm guessing the security-admin-console
client has /auth/admin/my-realm/console/* for a reason, so it should work. Do you know why
this isn't working as expected? Thanks.
________________________________
From: Marek Posolda <mposolda(a)redhat.com>
Sent: Thursday, September 6, 2018 3:37:16 PM
To: Grant Foster; keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] Realm Admin Console x509 Certificate Login
If you want it just for this client, you may need to add "Authentication
flow override" for the "security-admin-console" client and configure the
authentication flow with the x509 certificate and use just that one for
login to this security-admin-console client.
Marek
On 05/09/18 22:19, Grant Foster wrote:
Hi all,
Is there a way to configure Keycloak to use a user's certificate for logging in to a
realm's admin console?
Here's the documentation I read for client x509 authentication:
https://www.keycloak.org/docs/3.4/server_admin/index.html#_x509
I don't see anything in regard to authenticating a realm admin into the admin console
using x509 authentication - just for authenticating with a client.
I've googled but haven't found anyone asking the same question, so I figured
I'd ask here.
Just to be clear, I want to be able to go to
localhost:8180/auth/admin/{realm-name}/console and be asked to authenticate using my user
certificate instead of username/password. Can this be done? Thanks.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user