Hi Peter,
As I could grasp, currently the user would have to manually register
himself into the realm, providing a password for the access. After that, he
or she can use the certificate instead of the password to log into the
realm.
However, we would like users to log in only through valid X509
certificates. It seems a bit artificial to ask for a password that
ultimately won't be used. Can we avoid asking the password somehow?
Best regards,
Thiago Presa
On Tue, Jun 13, 2017 at 7:35 PM, Nalyvayko, Peter <pnalyvayko(a)agi.com>
wrote:
Hi Thiago,
AFAIK x509 user authentication requires an existing user. Can you go into
specifics what your use case is?
--Peter
________________________________________
From: keycloak-user-bounces(a)lists.jboss.org [keycloak-user-bounces@lists.
jboss.org] on behalf of Thiago Presa [thiago.addevico(a)gmail.com]
Sent: Tuesday, June 13, 2017 5:47 PM
To: keycloak-user(a)lists.jboss.org
Subject: [keycloak-user] X509 Identity Brokering
Hi,
Does Keycloak support some sort of Identity Brokering through X509? I
managed to configure the X509 Client Certificate, but it only replaces the
password, and requires the user to be already registered. What I would like
to achieve is to automatically register the users who present a valid X509
Certificate. Is that possible?
Best regards,
Thiago Presa
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user