[keycloak-user] X509 Identity Brokering
Thiago Presa
thiago.addevico at gmail.com
Wed Jun 14 13:23:56 EDT 2017
Hi Peter,
As I could grasp, currently the user would have to manually register
himself into the realm, providing a password for the access. After that, he
or she can use the certificate instead of the password to log into the
realm.
However, we would like users to log in only through valid X509
certificates. It seems a bit artificial to ask for a password that
ultimately won't be used. Can we avoid asking the password somehow?
Best regards,
Thiago Presa
On Tue, Jun 13, 2017 at 7:35 PM, Nalyvayko, Peter <pnalyvayko at agi.com>
wrote:
> Hi Thiago,
>
> AFAIK x509 user authentication requires an existing user. Can you go into
> specifics what your use case is?
> --Peter
> ________________________________________
> From: keycloak-user-bounces at lists.jboss.org [keycloak-user-bounces at lists.
> jboss.org] on behalf of Thiago Presa [thiago.addevico at gmail.com]
> Sent: Tuesday, June 13, 2017 5:47 PM
> To: keycloak-user at lists.jboss.org
> Subject: [keycloak-user] X509 Identity Brokering
>
> Hi,
>
> Does Keycloak support some sort of Identity Brokering through X509? I
> managed to configure the X509 Client Certificate, but it only replaces the
> password, and requires the user to be already registered. What I would like
> to achieve is to automatically register the users who present a valid X509
> Certificate. Is that possible?
>
> Best regards,
> Thiago Presa
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list