3:48 a.m.
Thank you very much. It seems it works. At least, I am getting form for
user-pass, since I didn't configure certificates.
Can you tell what I have done wrong? This is my configuration:
Auth type Requirement
Type
Flow1 ALTERNATIVE
Flow
==> X509/Validate Username Form ALTERNATIVE
(execution step, Flow1)
Flow2 ALTERNATIVE
Flow
==> Username Password Form REQUIRED
(sub-flow, Flow2)
-----Original Message-----
From: Nalyvayko, Peter [mailto:pnalyvayko@agi.com]
Sent: Tuesday, July 24, 2018 7:03 PM
To: Nikola Malenic <nikola.malenic(a)netsetglobal.rs>;
keycloak-user(a)lists.jboss.org
Subject: RE: [keycloak-user] Alternative client-cert authentication
Hi Nikola,
Try this:
Auth type Requirement
Type
X509 ALTERNATIVE Flow
==> X509/Validate Username Form ALTERNATIVE (execution step, X509
flow)
==> Browser Forms ALTERNATIVE
(sub-flow, X509 flow)
====> Username Password Form REQUIRED (execution step,
Browser Forms flow)
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org
<keycloak-user-bounces(a)lists.jboss.org> On Behalf Of Nikola Malenic
Sent: Tuesday, July 24, 2018 9:22 AM
To: keycloak-user(a)lists.jboss.org
Subject: [keycloak-user] Alternative client-cert authentication
I am configuring browser flow and would like to provide users with
certificates with capability to login immediately.
Users which don't have (send) certificate should be able to login with
username+password (form would be presented to them).
I configured two ALTERNATIVE subflows inside browser flow. First subflow has
X509/Validate Username Form execution as ALTERNATIVE and second flow has
Username Password Form as REQUIRED.
The problem is that when I access admin console I am not shown form to enter
username and password since I didn't send certificate. I get this error:
"Invalid username or password.".
It seems that the second flow is automatically executed, but since I didn't
send username and password it finishes unsuccessfully.
Do you have any idea how to configure this.
Many thanks,
Nikola
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user