[keycloak-user] client certificate authentication using HAProxy and Keycloak

Wei Li weil at redhat.com
Wed Nov 22 11:30:57 EST 2017


Hi Peter,

Yes, that is exactly what I am looking for. Thank you very much. Do you
have any idea when that PR can be merged?

Thanks.

On Wed, Nov 22, 2017 at 4:25 PM, Nalyvayko, Peter <pnalyvayko at agi.com>
wrote:

> Hi WEI LI,
>
> Is this what you are looking for? https://github.com/keycloak/
> keycloak/pull/4546
> ________________________________________
> From: keycloak-user-bounces at lists.jboss.org [keycloak-user-bounces at lists.
> jboss.org] on behalf of Wei Li [weil at redhat.com]
> Sent: Wednesday, November 22, 2017 10:37 AM
> To: keycloak-user at lists.jboss.org
> Subject: [keycloak-user] client certificate authentication using HAProxy
> and    Keycloak
>
> Hi,
>
> We are using HAProxy as the reverse proxy for the Keycloak server, and we
> are terminating the SSL connection at HAProxy.
>
> Now we want to enable client certificate authentication. Because the SSL is
> terminated at HAProxy, we can't use the existing CCA feature provided by
> Keycloak. But we can get the client cert info in HAProxy and pass them onto
> Keycloak in headers. So is there a way to allow Keycloak to get the user
> info from the headers and perform authentication?
>
> Thanks for your help in advance!
>
> --
>
> WEI LI
>
> SENIOR SOFTWARE ENGINEER
>
> Red Hat Mobile <https://www.redhat.com/>
>
> weil at redhat.com    M: +353862393272
> <https://red.ht/sig>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>



-- 

WEI LI

SENIOR SOFTWARE ENGINEER

Red Hat Mobile <https://www.redhat.com/>

weil at redhat.com    M: +353862393272
<https://red.ht/sig>


More information about the keycloak-user mailing list