[keycloak-user] Integrating with enterprise PKI e.g. Entrust..

Stian Thorgersen sthorger at redhat.com
Fri Sep 9 03:07:39 EDT 2016


We don't currently support authenticating users via certificates, but we
actually have a community contribution that's awaiting review:

https://github.com/keycloak/keycloak/pull/3167

You could give this a spin and let us know if it works for you. We aim to
include it in Keycloak 2.3.

If you haven't built Keycloak from source before you can take a look at
https://github.com/keycloak/keycloak/blob/master/README.md for help.

On 8 September 2016 at 17:27, Jonathan Rathbone <getjonrathbone at gmail.com>
wrote:

> Hi there,
>
> Ok, the customer organisation has a corporate PKI infrastructure where
> instead of username/passwords users are issued certificates. These
> certificates are used as the credentials for logging in to web applications.
>
> I'd like to understand what I would need to do for Keycloak to accept this
> certificate from the browser as a credential, instead of password or OTP.
> Similar to the way it can accept a Kerberos ticket?
>
> Sincere thanks,
>
> Jon
>
> On 8 Sep 2016, at 07:33, Stian Thorgersen <sthorger at redhat.com> wrote:
>
> Can you elaborate a bit on exactly what you want? "integrate our app
> suite with their enterprise PKI solution for IDP and SSO" is a bit vague.
>
> On 6 September 2016 at 12:38, Jonathan Rathbone <getjonrathbone at gmail.com>
> wrote:
>
>>
>> Hi there,
>>
>> hope you can help. I’ve searched the documentation, and nothing seems to
>> jump out that clarifies this so…
>>
>> I have a set of web apps and services, all secured with Keycloak using
>> OAuth and JWT, with Single-Sign-On.
>>
>> I have a potential customer who is looking for us to integrate our app
>> suite with their enterprise PKI solution for IDP and SSO.
>>
>> Is there a way that Keycloak can enable this for us, so that we can keep
>> our app architecture isolated from the customer’s specific security
>> architecture, or will we have to produce a version of our apps and services
>> that have a dedicated integration to the enterprise PKI solution’s services?
>>
>> Sorry if this is a bit of a noob question!
>>
>> sincere thanks,
>>
>> Jon
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>