KEYCLOAK-11252 Implement Server Metadata of OAuth 2.0 Mutual TLS Client Authentication
This commit is contained in:
parent
7c75546eac
commit
6c9cf346c6
3 changed files with 3 additions and 1 deletions
|
@ -161,6 +161,7 @@ public class X509ClientAuthenticator extends AbstractClientAuthenticator {
|
|||
public Set<String> getProtocolAuthenticatorMethods(String loginProtocol) {
|
||||
if (loginProtocol.equals(OIDCLoginProtocol.LOGIN_PROTOCOL)) {
|
||||
Set<String> results = new HashSet<>();
|
||||
results.add(OIDCLoginProtocol.TLS_CLIENT_AUTH);
|
||||
return results;
|
||||
} else {
|
||||
return Collections.emptySet();
|
||||
|
|
|
@ -98,6 +98,7 @@ public class OIDCLoginProtocol implements LoginProtocol {
|
|||
public static final String CLIENT_SECRET_POST = "client_secret_post";
|
||||
public static final String CLIENT_SECRET_JWT = "client_secret_jwt";
|
||||
public static final String PRIVATE_KEY_JWT = "private_key_jwt";
|
||||
public static final String TLS_CLIENT_AUTH = "tls_client_auth";
|
||||
|
||||
// https://tools.ietf.org/html/rfc7636#section-4.3
|
||||
public static final String CODE_CHALLENGE_PARAM = "code_challenge";
|
||||
|
|
|
@ -136,7 +136,7 @@ public class OIDCWellKnownProviderTest extends AbstractKeycloakTest {
|
|||
Assert.assertNames(oidcConfig.getIdTokenEncryptionEncValuesSupported(), JWEConstants.A128CBC_HS256, JWEConstants.A128GCM);
|
||||
|
||||
// Client authentication
|
||||
Assert.assertNames(oidcConfig.getTokenEndpointAuthMethodsSupported(), "client_secret_basic", "client_secret_post", "private_key_jwt", "client_secret_jwt");
|
||||
Assert.assertNames(oidcConfig.getTokenEndpointAuthMethodsSupported(), "client_secret_basic", "client_secret_post", "private_key_jwt", "client_secret_jwt", "tls_client_auth");
|
||||
Assert.assertNames(oidcConfig.getTokenEndpointAuthSigningAlgValuesSupported(), Algorithm.RS256);
|
||||
|
||||
// Claims
|
||||
|
|
Loading…
Reference in a new issue