We don't currently support authenticating users via certificates, but we
actually have a community contribution that's awaiting review:
https://github.com/keycloak/keycloak/pull/3167
You could give this a spin and let us know if it works for you. We aim to
include it in Keycloak 2.3.
If you haven't built Keycloak from source before you can take a look at
https://github.com/keycloak/keycloak/blob/master/README.md for help.
On 8 September 2016 at 17:27, Jonathan Rathbone <getjonrathbone(a)gmail.com>
wrote:
Hi there,
Ok, the customer organisation has a corporate PKI infrastructure where
instead of username/passwords users are issued certificates. These
certificates are used as the credentials for logging in to web applications.
I'd like to understand what I would need to do for Keycloak to accept this
certificate from the browser as a credential, instead of password or OTP.
Similar to the way it can accept a Kerberos ticket?
Sincere thanks,
Jon
On 8 Sep 2016, at 07:33, Stian Thorgersen <sthorger(a)redhat.com> wrote:
Can you elaborate a bit on exactly what you want? "integrate our app
suite with their enterprise PKI solution for IDP and SSO" is a bit vague.
On 6 September 2016 at 12:38, Jonathan Rathbone <getjonrathbone(a)gmail.com>
wrote:
>
> Hi there,
>
> hope you can help. I’ve searched the documentation, and nothing seems to
> jump out that clarifies this so…
>
> I have a set of web apps and services, all secured with Keycloak using
> OAuth and JWT, with Single-Sign-On.
>
> I have a potential customer who is looking for us to integrate our app
> suite with their enterprise PKI solution for IDP and SSO.
>
> Is there a way that Keycloak can enable this for us, so that we can keep
> our app architecture isolated from the customer's specific security
> architecture, or will we have to produce a version of our apps and services
> that have a dedicated integration to the enterprise PKI solution’s services?
>
> Sorry if this is a bit of a noob question!
>
> sincere thanks,
>
> Jon