[keycloak-user] X509 Client Authentication regex replacement possible?

Page, Raymond (Technical Solutions) Page_Raymond at ne.bah.com
Thu Mar 21 14:54:39 EDT 2019


To those that assisted me, thanks for the assistance yesterday; I finally got the logging that I needed enabled.


When using auth-x509-client-username-form, is it possible to specify a regex *replacement* instead of simply a regex sub-string match for the identity?

I'm mapping a numeric unique identifier in the client certificates to the UPN attribute in AD of the form '1234@domain'. Since the numeric unique identifier (i.e. '1234') is not in a dedicated attribute in AD, I cannot simply extract the identifier from the certificate; I need to append the '@domain' portion for the UPN lookup.


If regex replacements aren't supported, where can I recommend this as a feature request?

Should I reopen this feature request with an enhancement request:
https://issues.jboss.org/browse/KEYCLOAK-4335


--
Raymond Page, CTR (US)
Automation Engineer, UoT
TIS CTR to Booz | Allen | Hamilton
page_raymond at ne.bah.com
raymond.c.page15.ctr at mail.mil
C: (321) 549-7243
W: (703) 679-8618
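
The difference between the sub-string match and the regex replacement asked about above, as an added example that is not part of the original post and is not Keycloak's code. It assumes the identifier is the trailing digits of the subject CN; the pattern, the `corp.example` domain, the sample DN and the function names are constructed, and the LDAP filter step is an assumption about how the UPN lookup is performed.

```python
import re

# Assumption: the numeric identifier is the trailing digits of the subject CN.
# The lookahead leaves the delimiter unconsumed so a second CN is still seen.
CN_ID = re.compile(r"(?:^|,\s*)CN=[^,]*?(\d+)(?=\s*(?:,|$))", re.IGNORECASE)
# Replacement template: capture group 1 plus a fixed suffix (constructed domain).
UPN_TEMPLATE = r"\g<1>@corp.example"
# RFC 4515 escapes for characters that are special in an LDAP search filter.
LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def match_identity(subject_dn):
    """Return the single regex match for the identifier, or raise ValueError."""
    matches = list(CN_ID.finditer(subject_dn))
    if len(matches) != 1:
        # Zero or several candidates: refuse rather than guess an identity.
        raise ValueError("expected exactly one CN identifier, found %d" % len(matches))
    return matches[0]


def substring_identity(subject_dn):
    """Sub-string match only: yields the bare identifier, e.g. '1234'."""
    return match_identity(subject_dn).group(1)


def replaced_identity(subject_dn, template=UPN_TEMPLATE):
    """Regex replacement: expand the template against the match to build the UPN."""
    return match_identity(subject_dn).expand(template)


def ldap_escape(value):
    """Escape a value before placing it in an LDAP search filter."""
    return "".join(LDAP_ESCAPES.get(ch, ch) for ch in value)


def upn_filter(subject_dn):
    """Build the userPrincipalName filter from the mapped identity."""
    return "(userPrincipalName=%s)" % ldap_escape(replaced_identity(subject_dn))


if __name__ == "__main__":
    dn = "CN=DOE.JOHN.Q.1234, OU=People, O=Example, C=US"  # constructed sample
    print(substring_identity(dn))
    print(replaced_identity(dn))
    print(upn_filter(dn))
```

Because the capture group admits only digits and the suffix is fixed, the escaping step is defence in depth; it becomes essential if the pattern is ever loosened to capture arbitrary CN text.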

