From your post, I'm not exactly sure what x509 Authenticator you're
referring to.
If we are talking about authenticating Clients, then
`org.keycloak.authentication.authenticators.client.X509ClientAuthenticator`
category should be used. However, if we're considering Users, then you
should use `org.keycloak.authentication.authenticators.x509`.
Also, please make sure you configured logging handlers properly. If you
wish to observe the output on the console, please take a look at
`console-handler` XML element and change its level from INFO to DEBUG. You should
find more information about configuring loggers on Wildfly related pages.
On Tue, Mar 19, 2019 at 6:43 PM Nalyvayko, Peter <pnalyvayko(a)agi.com> wrote:
Hey Raymond,
Edit standalone.xml and add the following configuration under <subsystem
xmlns="urn:jboss:domain:logging:3.0">:
<logger category="org.keycloak.authentication.authenticators.x509">
    <level name="TRACE"/>
</logger>
<logger category="org.keycloak.services.x509">
    <level name="TRACE"/>
</logger>
You will have to restart the service. Hope this helps
Cheers
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org <
keycloak-user-bounces(a)lists.jboss.org> On Behalf Of Page, Raymond
(Techical Solutions )
Sent: Tuesday, March 19, 2019 12:22 PM
To: keycloak-user(a)lists.jboss.org
Subject: [keycloak-user] Logging for X509 authentication flow
I'm trying to get keycloak working with Wildfly authenticating clients
directly by X.509 and then using the authentication flow in keycloak to
translate that to a local user.
Unfortunately, it's not working and I'm not getting useful logging out of
keycloak to determine what's wrong with my configuration. To debug, I need
to know that undertow is passing the certificate successfully to keycloak,
that keycloak's X509-form authentication is receiving the proper identity,
the identity extracted from the certificate for authentication comparison,
what it's being compared to (is the CN or DN being regexed and is it being
compared to the keycloak custom attribute that I specified). What I get
from enabling debug logging that's not jboss modules loads is:
18:59:38,702 WARN [org.keycloak.events] (default task-1)
type=LOGIN_ERROR, realmId=TEST, clientId=https://auth.test.local,
userId=null, ipAddress=192.168.0.100, error=client_not_found
Can someone provide details on how to get debug logging for undertow and
the X509-form-config authentication?
--
Raymond Page, CTR (US)
Automation Engineer, UoT
TIS CTR to Booz | Allen | Hamilton
page_raymond(a)ne.bah.com
raymond.c.page15.ctr(a)mail.mil
C: (321) 549-7243
W: (703) 679-8618
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
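
Added example, not part of the thread and not Keycloak or WildFly code: a Python check that reads a logging subsystem fragment and lists the logger categories whose level is more verbose than the `console-handler` level, which is the case where TRACE loggers are configured but nothing reaches the console. The sample XML is constructed, and the function name `suppressed_on_console` is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the logging subsystem of standalone.xml.
SAMPLE = """\
<subsystem xmlns="urn:jboss:domain:logging:3.0">
  <console-handler name="CONSOLE">
    <level name="INFO"/>
  </console-handler>
  <logger category="org.keycloak.authentication.authenticators.x509">
    <level name="TRACE"/>
  </logger>
  <logger category="org.keycloak.services.x509">
    <level name="TRACE"/>
  </logger>
  <logger category="org.keycloak.events">
    <level name="WARN"/>
  </logger>
</subsystem>
"""

# Most verbose first; only the common level names are handled here.
RANK = {n: i for i, n in enumerate(["ALL", "TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL"])}

def _local(tag):
    """Strip the XML namespace so any logging subsystem version matches."""
    return tag.rsplit("}", 1)[-1]

def _level(elem):
    """Return the name of the element's <level> child, or None if absent."""
    for child in elem:
        if _local(child.tag) == "level":
            return child.get("name", "").upper()
    return None

def suppressed_on_console(xml_text):
    """Map each logger category to (logger_level, handler_level) when the
    console-handler level would filter out that logger's most verbose output."""
    handler_level, loggers = "ALL", {}
    for elem in ET.fromstring(xml_text).iter():
        if _local(elem.tag) == "console-handler":
            handler_level = _level(elem) or "ALL"  # no <level>: nothing filtered
        elif _local(elem.tag) == "logger":
            level = _level(elem)
            if level:  # loggers without an explicit level are skipped
                loggers[elem.get("category")] = level
    return {cat: (lvl, handler_level) for cat, lvl in loggers.items()
            if RANK[lvl] < RANK[handler_level]}

if __name__ == "__main__":
    for cat, (lvl, handler) in suppressed_on_console(SAMPLE).items():
        print(f"{cat}: logger at {lvl}, console-handler at {handler}")
```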