Uploaded image for project: 'RH-SSO'
  1. RH-SSO
  2. RHSSO-3031

Fix CRL verification failing due to client cert not being in chain [7.6.x]

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • RH-SSO-7.6.8
    • None
    • None
    • False
    • None
    • False

      When we Enable X509 Browser certificate authentication and turn CRL checking on with the CRL file option, the user always fails to authenticate. This seems to be due to Keycloak expecting a chain of certificates from the Client cert rather than just the client cert.

              mposolda@redhat.com Marek Posolda
              rhn-support-wfink Wolf Fink
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: