[keycloak-user] Use X.509 certificate when retrieving Access Token from OIDC Provider?
Nalyvayko, Peter
pnalyvayko at agi.com
Thu May 4 11:52:59 EDT 2017
Hi,
Not hundred per sure, but you may have to edit standalone.xml to update connectionsHttpClient" SPI provider configuration (unless you have already done so) by adding a path to the client cert store containing your x509 client certificate, the client store password and the private key's password (if any).
"client-keystore"
"client-keystore-password"
"client-key-password"
My $0.02
--Peter
________________________________________
From: keycloak-user-bounces at lists.jboss.org [keycloak-user-bounces at lists.jboss.org] on behalf of Jeremy Waterman [jeremy at perspectivepartners.com]
Sent: Thursday, May 4, 2017 10:50 AM
To: keycloak-user at lists.jboss.org
Subject: [keycloak-user] Use X.509 certificate when retrieving Access Token from OIDC Provider?
Hi all,
We are using Keycloak as an identity broker with a third party service. We’ve set up the third party up as an OIDC Identity Provider within Keycloak, but we’ve hit a snag. The third party that we’re woking with requires that requests to retrieve an access token are sent with an X.509 certificate. We can’t find a way within Keycloak to set this up and when we hit the token server URL to exchange the authorization code for a token, we are getting an error back from the third party - “proper client ssl certificate was not presented.”
Any ideas on how to support this with Keycloak?
Thanks for any help!!
Jeremy
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list