[keycloak-user] X509 Direct Grant with client certificate
Chirag Unnadkat
Chirag.Unnadkat at cerillion.com
Tue May 28 11:02:46 EDT 2019
Hi,
Is it possible to pass the same client certificate in a token request with different login credentials?
My current setup doesn't seem to allow this, and I can't find any documentation saying this is not possible.
I have configured an X509 Direct grant flow using X509/Validate Username (X.509 Config).
This is configured to take the Subject's Common Name, with the attribute "NAME".
I have configured a trust store with 1 certificate (want to share this across users).
When I add the Subject Common Name to user 1's attribute, they then require the key pair to generate a token; however, once I share the same attribute details with user 2, both user 1 and 2 stop working. Maybe I am missing some configuration that will allow my users to share the same certificate.
I ideally do not want to have one certificate per user, as this will get out of hand to manage as the population of the realm increases.
Kind Regards,
Chirag Unnadkat
Business Analyst
Cerillion plc
E. chirag.unnadkat at cerillion.com
T. 0207 9276029
W. www.cerillion.com
Addr. 25 Bedford Street, London, WC2E 9ES, UK
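
Added example (not part of the original post and not Keycloak's code): a Python model of the mapping described above, where the certificate's Subject Common Name is looked up against the user attribute "NAME". It assumes the lookup must resolve to exactly one user, which is consistent with the behaviour the post reports; the function names, subject string and user records are hypothetical.

```python
# Added illustration: a model of certificate-to-user mapping, not Keycloak source code.
import re


def subject_cn(subject_dn):
    """Return the CN value from an RFC 4514-style subject DN string, or None."""
    # Split on unescaped ',' or '+' so a value such as "Acme\, Inc" stays whole.
    for rdn in re.split(r'(?<!\\)[,+]', subject_dn):
        key, sep, value = rdn.strip().partition('=')
        if sep and key.strip().upper() == 'CN':
            # Drop the backslash from escaped characters in the value.
            return re.sub(r'\\(.)', r'\1', value.strip())
    return None


def resolve_user(subject_dn, users, attribute="NAME"):
    """Map a certificate subject to exactly one user; return (username, reason)."""
    cn = subject_cn(subject_dn)
    if cn is None:
        return None, "no CN in certificate subject"
    matches = [name for name, attrs in users.items()
               if cn in attrs.get(attribute, [])]
    if not matches:
        return None, "no user has %s=%s" % (attribute, cn)
    if len(matches) > 1:
        # Assumption: a certificate identity that matches several users is
        # rejected, because it no longer identifies one account.
        return None, "ambiguous: %s=%s matches %s" % (attribute, cn, sorted(matches))
    return matches[0], "ok"


# Constructed sample data modelled on the setup in the post.
SUBJECT = "CN=shared-client,OU=Billing,O=Example"
ONE_OWNER = {"user1": {"NAME": ["shared-client"]}, "user2": {}}
SHARED = {"user1": {"NAME": ["shared-client"]},
          "user2": {"NAME": ["shared-client"]}}

if __name__ == "__main__":
    print(resolve_user(SUBJECT, ONE_OWNER))  # attribute set on user 1 only
    print(resolve_user(SUBJECT, SHARED))     # same attribute value on both users
```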