[keycloak-user] Use X.509 certificate when retrieving Access Token from OIDC Provider?

Jeremy Waterman jeremy at perspectivepartners.com
Thu May 4 17:26:11 EDT 2017


Thanks, Peter! I think that did it. We somehow missed that in the documentation initially.


> On May 4, 2017, at 11:52 AM, Nalyvayko, Peter <pnalyvayko at agi.com> wrote:
> 
> Hi,
> Not a hundred percent sure, but you may have to edit standalone.xml to update the "connectionsHttpClient" SPI provider configuration (unless you have already done so) by adding a path to the client cert store containing your x509 client certificate, the client store password and the private key's password (if any).
> 
> "client-keystore"
> "client-keystore-password"
> "client-key-password"
> 
> My $0.02
> 
> --Peter
> ________________________________________
> From: keycloak-user-bounces at lists.jboss.org [keycloak-user-bounces at lists.jboss.org] on behalf of Jeremy Waterman [jeremy at perspectivepartners.com]
> Sent: Thursday, May 4, 2017 10:50 AM
> To: keycloak-user at lists.jboss.org
> Subject: [keycloak-user] Use X.509 certificate when retrieving Access Token from OIDC Provider?
> 
> Hi all,
> 
> We are using Keycloak as an identity broker with a third party service. We’ve set the third party up as an OIDC Identity Provider within Keycloak, but we’ve hit a snag. The third party that we’re working with requires that requests to retrieve an access token are sent with an X.509 certificate. We can’t find a way within Keycloak to set this up and when we hit the token server URL to exchange the authorization code for a token, we are getting an error back from the third party - “proper client ssl certificate was not presented.”
> 
> Any ideas on how to support this with Keycloak?
> 
> Thanks for any help!!
> Jeremy
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
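
The settings named in the reply above, shown as an added example that is not part of the original thread: a constructed `standalone.xml` fragment for the `connectionsHttpClient` SPI, plus a small check that reports which client-certificate properties are missing. The subsystem layout follows Keycloak's WildFly-based configuration; the keystore path, the passwords and the function names are placeholders and assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: keycloak-server subsystem fragment of standalone.xml.
# Keystore path and passwords are placeholders, not values from the thread.
SAMPLE_STANDALONE = """\
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
  <spi name="connectionsHttpClient">
    <provider name="default" enabled="true">
      <properties>
        <property name="client-keystore" value="${jboss.server.config.dir}/client-keystore.jks"/>
        <property name="client-keystore-password" value="CHANGE_ME_STORE"/>
        <property name="client-key-password" value="CHANGE_ME_KEY"/>
      </properties>
    </provider>
  </spi>
</subsystem>
"""

# client-key-password is only needed when the private key has its own password,
# so it is not treated as required here.
REQUIRED = ("client-keystore", "client-keystore-password")


def local(tag):
    """Strip the XML namespace so the check works across subsystem versions."""
    return tag.rsplit("}", 1)[-1]


def http_client_properties(xml_text):
    """Return {name: value} for enabled providers of the connectionsHttpClient SPI."""
    props = {}
    for spi in ET.fromstring(xml_text).iter():
        if local(spi.tag) != "spi" or spi.get("name") != "connectionsHttpClient":
            continue
        for prov in spi:
            if local(prov.tag) == "provider" and prov.get("enabled", "true") == "true":
                for prop in prov.iter():
                    if local(prop.tag) == "property":
                        props[prop.get("name")] = prop.get("value", "")
    return props


def missing_client_cert_settings(xml_text):
    """List required client-certificate properties that are absent or empty."""
    props = http_client_properties(xml_text)
    return [name for name in REQUIRED if not props.get(name)]


if __name__ == "__main__":
    print("missing:", missing_client_cert_settings(SAMPLE_STANDALONE))
```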


