[keycloak-user] Realm Admin Console x509 Certificate Login

Grant Foster gfoster at loyalsource.com
Fri Sep 7 10:40:17 EDT 2018


I deployed a simple web app in WildFly whose standalone.xml points to the security-admin-console client, but when it tries to authenticate with Keycloak, it keeps trying to redirect back to localhost even though the Valid Redirect URI points to /auth/admin/my-realm/console/*. It's only happy when the Valid Redirect URI points back to the app. Am I missing something? I'm guessing the security-admin-console client has /auth/admin/my-realm/console/* for a reason, so it should work. Do you know why this isn't working as expected? Thanks.

________________________________
From: Marek Posolda <mposolda at redhat.com>
Sent: Thursday, September 6, 2018 3:37:16 PM
To: Grant Foster; keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Realm Admin Console x509 Certificate Login

If you want it just for this client, you may need to add "Authentication
flow override" for the "security-admin-console" client and configure the
authentication flow with the x509 certificate and use just that one for
login to this security-admin-console client.

Marek

On 05/09/18 22:19, Grant Foster wrote:
> Hi all,
>
>
> Is there a way to configure Keycloak to use a user's certificate for logging in to a realm's admin console?
>
> Here's the documentation I read for client x509 authentication: https://www.keycloak.org/docs/3.4/server_admin/index.html#_x509
>
> I don't see anything in regard to authenticating a realm admin into the admin console using x509 authentication - just for authenticating with a client.
>
> I've googled but haven't found anyone asking the same question, so I figured I'd ask here.
>
> Just to be clear, I want to be able to go to localhost:8180/auth/admin/{realm-name}/console and be asked to authenticate using my user certificate instead of username/password. Can this be done? Thanks.
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
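
The per-client flow override suggested in the reply above, sketched against Keycloak's admin REST API as an added example (not part of the thread and not Keycloak's own code). The flow alias `x509-browser`, the ids and the sample representations are constructed; the example assumes the `authenticationFlowBindingOverrides` client field and the `auth-x509-client-username-form` authenticator id, and it refuses to bind a flow that has no enabled X.509 step.

```python
import copy

# Provider id of Keycloak's browser X.509 authenticator (assumed here).
X509_BROWSER_AUTHENTICATOR = "auth-x509-client-username-form"

def plan_flow_override(realm, flows, executions, client, flow_alias):
    """Build the admin REST request that binds `flow_alias` as the browser
    flow for one client only, leaving the realm-wide browser flow untouched.

    flows      -- list from GET /auth/admin/realms/{realm}/authentication/flows
    executions -- list from GET .../authentication/flows/{alias}/executions
    client     -- ClientRepresentation of the target client
    Returns (method, path, body); the caller sends it with an admin token.
    """
    flow = next((f for f in flows if f["alias"] == flow_alias), None)
    if flow is None or not flow.get("topLevel"):
        raise ValueError(f"no top-level flow named {flow_alias!r}")
    # Guard: a flow without an enabled X.509 execution would either lock
    # admins out or silently keep password login for the console.
    enabled = [e for e in executions
               if e.get("providerId") == X509_BROWSER_AUTHENTICATOR
               and e.get("requirement") in ("REQUIRED", "ALTERNATIVE")]
    if not enabled:
        raise ValueError("flow has no enabled X.509 execution; not binding it")
    body = copy.deepcopy(client)  # never mutate the fetched representation
    body.setdefault("authenticationFlowBindingOverrides", {})["browser"] = flow["id"]
    return "PUT", f"/auth/admin/realms/{realm}/clients/{client['id']}", body

# Constructed sample data shaped like the admin REST responses.
SAMPLE_FLOWS = [
    {"id": "flow-browser-id", "alias": "browser", "topLevel": True},
    {"id": "flow-x509-id", "alias": "x509-browser", "topLevel": True},
]
SAMPLE_EXECUTIONS = [
    {"providerId": "auth-cookie", "requirement": "ALTERNATIVE"},
    {"providerId": X509_BROWSER_AUTHENTICATOR, "requirement": "ALTERNATIVE"},
]
SAMPLE_CLIENT = {"id": "client-uuid", "clientId": "security-admin-console"}

if __name__ == "__main__":
    print(plan_flow_override("my-realm", SAMPLE_FLOWS, SAMPLE_EXECUTIONS,
                             SAMPLE_CLIENT, "x509-browser"))
```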



