Keycloak / KEYCLOAK-5466

X.509 Auth - cannot login after an error

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Done
    • 3.4.0.CR1
    • 3.4.2.Final
    • Authentication
    • None
    • Steps to Reproduce:
      1. Configure X.509 Authenticator
      2. Create a matching user
      3. Disable that user
      4. Try to log in using a certificate --> error
      5. Enable that user (in a different browser session)
      6. Try to log in again using certificate and the same browser session as in 4.
      7. X.509 Authentication is not performed, certificate is not validated - the same result as with no certificate provided
    • Workaround:
      Log in using a different auth method (username/password) and log out
      – OR –
      Reopen the browser
    • NEW
    • VERIFIED

    Description

      If any error is encountered during the X.509 auth process, the user is not given a second chance to log in using a certificate, i.e. the X.509 Authenticator is not used anymore.

      I can imagine a few use cases when this could be a real problem:

      • user accidentally uses a different smart card (which stores the certificate) and then cannot log in at all (say, he/she doesn't have a password set up)
      • admin is configuring a user account or the user account is not yet created (e.g. for a new hire) and the user tries to log in --> fail, user cannot log in anymore (unless he/she reopens the browser)

            People

              mposolda@redhat.com Marek Posolda
              rh_vmuzikar Václav Muzikář
              Václav Muzikář Václav Muzikář