Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-7512

OAuth 2.0 Mutual TLS Client Authentication

    XMLWordPrintable

Details

    • Feature Request
    • Status: Closed
    • Major
    • Resolution: Duplicate
    • 4.0.0.Beta3
    • None
    • OIDC
    • None
    • NEW
    • NEW

    Description

      With the KEYCLOAK-6771 we have now support for "OAuth2 Mutual TLS Sender Constrained Access Tokens" on server-side. This is in the section 3 of this specification: https://tools.ietf.org/html/draft-ietf-oauth-mtls-07#section-3 .

      Will be good to have support for OAuth 2.0 Mutual TLS Client Authentication - there are 2 ways of doing it described in the section 2 - https://tools.ietf.org/html/draft-ietf-oauth-mtls-07#section-2 . Will be nice to support them on both server side and adapter's side.

      I am not sure if this will require changes to the Client Authentication SPI (both server and adapter side).

      Attachments

        Issue Links

          is related to

          Feature Request - Feature requests from customers and/or users KEYCLOAK-7635 Authenticate clients with x509 certificate

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Feature Request - Feature requests from customers and/or users KEYCLOAK-11252 Implement Server Metadata of OAuth 2.0 Mutual TLS Client Authentication

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          relates to

          Feature Request - Feature requests from customers and/or users KEYCLOAK-6771 Holder of Key mechanism: OAuth 2.0 Certificate Bound Access Tokens

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Feature Request - Feature requests from customers and/or users KEYCLOAK-7997 Implement Client Registration Metadata based on Mutual TLS

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              Unassigned Unassigned
              mposolda@redhat.com Marek Posolda
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: