[keycloak-dev] authenticating applications

Stian Thorgersen stian at redhat.com
Wed Jan 29 08:48:57 EST 2014


Sounds like a good way to do it to me.

Had a quick search for two-way SSL, and IBM Identity Manager Express does both:

http://publib.boulder.ibm.com/infocenter/tivihelp/v5r1/index.jsp?topic=%2Fcom.ibm.itim.infocenter.doc%2Fcpt%2Fcpt_ic_security_ssl_authent1way.html
http://publib.boulder.ibm.com/infocenter/tivihelp/v5r1/index.jsp?topic=%2Fcom.ibm.itim.infocenter.doc%2Fcpt%2Fcpt_ic_security_ssl_authent2way.html

----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Monday, 27 January, 2014 4:53:59 PM
> Subject: [keycloak-dev] authenticating applications
> 
> If SSL is a realm requirement, can't you use two-way SSL using between
> Keycloak and the application's server using the certificates of each of
> those servers?  There would be no need to set up client certs.  For
> self-signed certs you could even do what the browser does and have the
> admin console ask to trust the cert from the host of the application's
> server  (vice versa too!).
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> 


More information about the keycloak-dev mailing list