[keycloak-user] Apache X509 cert-lookup

Matthias ANGLADE manglade at nextoo.fr
Fri Jun 22 04:56:37 EDT 2018


Hello,

I'm trying to setup a client cert authentication. Since my Keycloak server
is running behind an SSL reverse proxy I modified the domain.xml file in
order to declare the Apache cert lookup SPI. I checked that the certificate
was properly embedded in the HTTP header still, I can't get to authenticate
using this approach. In the log file I see no line related to this
authentication (I should be able to see log coming from
AbstractClientCertificateFromHttpHeadersLookup.
It behaves just as if the SPI wasn't active.

Note that even if my proxy isn't an Apache server, the certificate it emits
is formatted like for Apache.

Any clue on this ?

Regards,


More information about the keycloak-user mailing list