You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The /admin path in our Keycloak instance is exposed to the public. Some of our admin users require access to the admin console. keycloak-config-cli is accessing Keycloak through an internal path though.
To add a layer of security, all our admin accounts use 2FA,
but this constraint blocks us from using keycloak-config-cli.
Since Keycloak supports x509 client authentication I would like to see keycloak-config-cli to support it. It would allow keycloak-config-cli to use a secure communications channel and would be a safe workaround for the 2FA requirement (in our use case).
Problem Statement
The
/adminpath in our Keycloak instance is exposed to the public. Some of our admin users require access to the admin console.keycloak-config-cliis accessing Keycloak through an internal path though.To add a layer of security, all our admin accounts use 2FA,
but this constraint blocks us from using
keycloak-config-cli.Since Keycloak supports x509 client authentication I would like to see
keycloak-config-clito support it. It would allowkeycloak-config-clito use a secure communications channel and would be a safe workaround for the 2FA requirement (in our use case).Proposed Solution
Implement four new flags (following the flags from: https://www.keycloak.org/server/enabletls):
If they are set, use certificates to communicate with the Keycloak instance.
Looking at the implementation on Keycloak side it looks easy with Quarkus. Not so sure about the JBoss library used here.
Environment
Additional information
No response
Acceptance Criteria
The text was updated successfully, but these errors were encountered: