[keycloak-dev] Adding support for client certificate with LDAP SASL EXTERNAL
Tero Saarni
tero.saarni at gmail.com
Tue Nov 26 13:21:52 EST 2019
Hi,
I'm using Keycloak with LDAP user federation. I have enabled LDAP StartTLS.
Proposal for new use case:
As an administrator, I would like Keycloak to use client-certificate-based
authentication instead of a bind DN and bind password when Keycloak operates
as an LDAP server admin.
Simple bind (username + password) will still be used for end-user
authentication.
Background:
Currently simple bind is the only supported authentication method with
StartTLS.
LDAP with SASL supports the "EXTERNAL" mechanism [1] to achieve client-certificate-based
authentication.
Do you think this is an acceptable use case?
If you do, I would be interested in working on this and creating a JIRA and PR.
--
Tero
[1] https://tools.ietf.org/html/rfc4513
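The two bind styles the proposal contrasts, as an added illustration (not code from the post, from Keycloak, or from its LDAP federation provider): plain JNDI, StartTLS on port 389, then either a simple bind with a bind DN and password (current behaviour) or a TLS handshake that presents a client certificate followed by a SASL EXTERNAL bind (proposed behaviour). The LDAP URL, keystore and truststore paths, and bind DN are hypothetical; the server must be configured to accept SASL EXTERNAL and to map the client certificate's subject to an LDAP identity, which is server-side configuration not shown here.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class LdapSaslExternalExample {

    // Hypothetical endpoint and key material; adjust to your environment.
    static final String LDAP_URL = "ldap://ldap.example.internal:389";
    static final String TRUSTSTORE_PATH = "/etc/keycloak/ldap-ca.p12";      // CA that signed the server cert
    static final String CLIENT_KEYSTORE_PATH = "/etc/keycloak/ldap-client.p12"; // client cert + private key

    /** Opens an unauthenticated connection and upgrades it with StartTLS before any bind. */
    private static LdapContext openWithStartTls(SSLContext ssl) throws Exception {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        // No credentials here: nothing sensitive may cross the wire before TLS is up.
        LdapContext ctx = new InitialLdapContext(env, null);
        StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
        tls.negotiate(ssl.getSocketFactory());
        return ctx;
    }

    /** Current behaviour: StartTLS, then a simple bind with a shared admin password. */
    static LdapContext connectWithSimpleBind(String bindDn, char[] bindPassword) throws Exception {
        LdapContext ctx = openWithStartTls(buildSslContext(false));
        ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
        ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, bindDn);
        ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, bindPassword);
        ctx.reconnect(null); // performs the bind over the now-encrypted connection
        return ctx;
    }

    /** Proposed behaviour: TLS with a client certificate, then SASL EXTERNAL bind. */
    static LdapContext connectWithSaslExternal() throws Exception {
        // The client certificate is presented during the TLS handshake ...
        LdapContext ctx = openWithStartTls(buildSslContext(true));
        // ... and SASL EXTERNAL tells the server to authenticate from that TLS identity.
        // No principal or credentials are set: the server derives the identity itself.
        ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "EXTERNAL");
        ctx.reconnect(null);
        return ctx;
    }

    /** Builds an SSLContext trusting the LDAP CA, optionally with a client key pair. */
    static SSLContext buildSslContext(boolean withClientCert) throws Exception {
        // Passwords for the PKCS#12 files are read from the environment (assumed variable names).
        char[] trustPw = System.getenv("LDAP_TRUSTSTORE_PASSWORD").toCharArray();
        KeyStore trust = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(TRUSTSTORE_PATH)) {
            trust.load(in, trustPw);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        KeyManagerFactory kmf = null;
        if (withClientCert) {
            char[] keyPw = System.getenv("LDAP_CLIENT_KEYSTORE_PASSWORD").toCharArray();
            KeyStore keys = KeyStore.getInstance("PKCS12");
            try (FileInputStream in = new FileInputStream(CLIENT_KEYSTORE_PATH)) {
                keys.load(in, keyPw);
            }
            kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keys, keyPw);
        }

        SSLContext ssl = SSLContext.getInstance("TLS");
        ssl.init(kmf == null ? null : kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ssl;
    }

    public static void main(String[] args) throws Exception {
        // Proposed path: no bind password exists anywhere in the configuration.
        LdapContext external = connectWithSaslExternal();
        System.out.println("SASL EXTERNAL bind succeeded as: "
                + external.getEnvironment().get(Context.SECURITY_AUTHENTICATION));
        external.close();

        // Current path, kept for comparison; the password is the secret an attacker would harvest.
        String bindDn = "cn=keycloak,ou=services,dc=example,dc=internal"; // hypothetical
        char[] bindPw = System.getenv("LDAP_BIND_PASSWORD").toCharArray();
        LdapContext simple = connectWithSimpleBind(bindDn, bindPw);
        simple.close();
    }
}
```

The difference worth noticing is what the server is asked to trust: in the simple-bind path the secret is a reusable password that lives in Keycloak's configuration and crosses the wire on every bind (encrypted, but still a replayable credential), while in the SASL EXTERNAL path the only secret is the client private key, which never leaves the host and is proven by the TLS handshake. Whoami-style checks after the bind (for example an LDAP "Who am I?" extended operation, RFC 4532) are the practical way to confirm which identity the server actually mapped the certificate to.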