[keycloak-user] client certificate authentication using HAProxy and Keycloak

Nalyvayko, Peter pnalyvayko at agi.com
Wed Nov 22 11:35:13 EST 2017


Hi WEI LI,
I cannot tell you when the PR will be merged, but I've been meaning to test the migration steps and follow up with Marek before the end of the month.
--Peter

________________________________________
From: Wei Li [weil at redhat.com]
Sent: Wednesday, November 22, 2017 11:30 AM
To: Nalyvayko, Peter
Cc: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] client certificate authentication using HAProxy and Keycloak

Hi Peter,

Yes, that is exactly what I am looking for. Thank you very much. Do you have any idea when that PR can be merged?

Thanks.

On Wed, Nov 22, 2017 at 4:25 PM, Nalyvayko, Peter <pnalyvayko at agi.com> wrote:
Hi WEI LI,

Is this what you are looking for? https://github.com/keycloak/keycloak/pull/4546
________________________________________
From: keycloak-user-bounces at lists.jboss.org [keycloak-user-bounces at lists.jboss.org] on behalf of Wei Li [weil at redhat.com]
Sent: Wednesday, November 22, 2017 10:37 AM
To: keycloak-user at lists.jboss.org
Subject: [keycloak-user] client certificate authentication using HAProxy and Keycloak

Hi,

We are using HAProxy as the reverse proxy for the Keycloak server, and we
are terminating the SSL connection at HAProxy.

Now we want to enable client certificate authentication. Because the SSL is
terminated at HAProxy, we can't use the existing CCA feature provided by
Keycloak. But we can get the client cert info in HAProxy and pass them onto
Keycloak in headers. So is there a way to allow Keycloak to get the user
info from the headers and perform authentication?

Thanks for your help in advance!

--

WEI LI

SENIOR SOFTWARE ENGINEER

Red Hat Mobile <https://www.redhat.com/>

weil at redhat.com    M: +353862393272
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user



--

WEI LI

SENIOR SOFTWARE ENGINEER

Red Hat Mobile <https://www.redhat.com/>

weil at redhat.com    M: +353862393272
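
The header hand-off described in the original question, sketched as an added example (not from the thread or from the Keycloak project): an HAProxy frontend that terminates TLS, requests a client certificate, and forwards the verified certificate to the backend in a header. The header name `X-SSL-Client-Cert`, the file paths, the section names and the backend address are assumptions, and the backend has to be configured to read the same header.

```haproxy
# Added example; header name, paths, section names and addresses are assumptions.
frontend fe_keycloak
    mode http
    # Terminate TLS here and ask for (but do not require) a client certificate
    # issued by the CA in ca-file.
    bind :443 ssl crt /etc/haproxy/certs/server.pem ca-file /etc/haproxy/certs/client-ca.pem verify optional

    # Always drop any inbound copy of the header first, so the only value the
    # backend can ever see is the one set below from the TLS session.
    # Leaving this rule out is the weak form of this setup: the backend could
    # no longer tell a proxy-set header from a request-supplied one.
    http-request del-header X-SSL-Client-Cert

    # Forward the certificate (DER, then base64) only when the client
    # presented one and verification against ca-file succeeded.
    http-request set-header X-SSL-Client-Cert %[ssl_c_der,base64] if { ssl_c_used } { ssl_c_verify 0 }

    default_backend be_keycloak

backend be_keycloak
    mode http
    # The backend should accept connections from the proxy only; a request
    # that reaches it directly never passes through the del-header rule.
    server keycloak1 127.0.0.1:8080 check
```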


