[keycloak-dev] validating client certificates on user login

Knüppel, Pascal Pascal.Knueppel at governikus.de
Thu Nov 7 02:24:37 EST 2019


Hi, I was told to send a mail to the developers' mailing list regarding the following issue, to get more input from other developers:

https://issues.jboss.org/browse/KEYCLOAK-11818

Our problem is that users who log in with mutual client authentication via X509 certificates are still able to log in if the certificates are expired or not yet valid. I added a pull request, also referenced in the issue, that adds a switch which may be used to validate the notBefore and notAfter timestamps of X509 certificates. From our side we would say that this is actually a security issue that should be fixed very soon.

Best regards
Pascal Knüppel

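A worked illustration of the check the mail asks for, added here as an example; it is not Keycloak code and not the pull request referenced in the issue. It builds a throwaway CA and three client certificates that differ only in their validity window (expired, not yet valid, valid), then shows the notBefore/notAfter check on its own next to a full chain verification against the CA, which applies the same window check to every certificate in the chain. The CA and subject names, the fixed reference time (the mail's timestamp), and the function names are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ReferenceNow is a fixed "current time" so the results are reproducible;
// it is the timestamp of the mail above (an assumption for the example).
var ReferenceNow = time.Date(2019, time.November, 7, 7, 24, 37, 0, time.UTC)

// Fixture is constructed test material: a throwaway CA and three client
// certificates that differ only in their validity window.
type Fixture struct {
	CA, Expired, NotYetValid, Valid *x509.Certificate
}

// newCert generates a fresh P-256 key for tmpl and signs it with parentKey;
// when parent is nil the certificate is self-signed with its own key.
func newCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	signer := key
	if parent == nil {
		parent = tmpl
	} else {
		signer = parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// BuildFixture issues the CA and the three client certificates.
func BuildFixture() (*Fixture, error) {
	ca, caKey, err := newCert(&x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Client CA"},
		NotBefore:             ReferenceNow.AddDate(-1, 0, 0),
		NotAfter:              ReferenceNow.AddDate(10, 0, 0),
		KeyUsage:              x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}, nil, nil)
	if err != nil {
		return nil, err
	}
	leaf := func(serial int64, cn string, notBefore, notAfter time.Time) (*x509.Certificate, error) {
		c, _, err := newCert(&x509.Certificate{
			SerialNumber: big.NewInt(serial),
			Subject:      pkix.Name{CommonName: cn},
			NotBefore:    notBefore,
			NotAfter:     notAfter,
			KeyUsage:     x509.KeyUsageDigitalSignature,
			ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		}, ca, caKey)
		return c, err
	}
	f := &Fixture{CA: ca}
	// Windows are relative to ReferenceNow: ended yesterday, starts tomorrow, and currently valid.
	if f.Expired, err = leaf(2, "alice (expired)", ReferenceNow.AddDate(-2, 0, 0), ReferenceNow.AddDate(0, 0, -1)); err != nil {
		return nil, err
	}
	if f.NotYetValid, err = leaf(3, "alice (not yet valid)", ReferenceNow.AddDate(0, 0, 1), ReferenceNow.AddDate(1, 0, 0)); err != nil {
		return nil, err
	}
	if f.Valid, err = leaf(4, "alice (valid)", ReferenceNow.AddDate(0, 0, -1), ReferenceNow.AddDate(1, 0, 0)); err != nil {
		return nil, err
	}
	return f, nil
}

// CheckValidityWindow is the notBefore/notAfter check the mail asks for,
// evaluated against the server's clock, never against anything the client sends.
func CheckValidityWindow(cert *x509.Certificate, now time.Time) error {
	if now.Before(cert.NotBefore) {
		return fmt.Errorf("client certificate %q not yet valid: notBefore %s is after %s",
			cert.Subject.CommonName, cert.NotBefore.UTC().Format(time.RFC3339), now.UTC().Format(time.RFC3339))
	}
	if now.After(cert.NotAfter) {
		return fmt.Errorf("client certificate %q expired: notAfter %s is before %s",
			cert.Subject.CommonName, cert.NotAfter.UTC().Format(time.RFC3339), now.UTC().Format(time.RFC3339))
	}
	return nil
}

// VerifyClientCert is the full chain check against a trust store holding the CA.
// The standard library applies the same window check to the leaf and every
// issuer in the chain, so an expired client certificate is rejected here too.
func VerifyClientCert(leaf, ca *x509.Certificate, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:       roots,
		CurrentTime: now,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

func main() {
	f, err := BuildFixture()
	if err != nil {
		panic(err)
	}
	for _, c := range []*x509.Certificate{f.Expired, f.NotYetValid, f.Valid} {
		fmt.Printf("%-22s window: %v | chain: %v\n", c.Subject.CommonName,
			CheckValidityWindow(c, ReferenceNow), VerifyClientCert(c, f.CA, ReferenceNow))
	}
}
```

Two caveats a practitioner would keep in mind: the window check only covers expiry, not revocation, so a compromised but unexpired certificate still needs CRL or OCSP handling separately; and when the certificate reaches the application as a forwarded header from a TLS-terminating proxy rather than over a handshake the application performed itself, nothing upstream is guaranteed to have checked the window, which is exactly why the check belongs in the authenticator.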

