KEYCLOAK-11252 Implement Server Metadata of OAuth 2.0 Mutual TLS Client Authentication

Takashi Norimatsu 2019-10-01 11:15:32 +09:00 committed by Marek Posolda
parent 7c75546eac
commit 6c9cf346c6
3 changed files with 3 additions and 1 deletions


@ -161,6 +161,7 @@ public class X509ClientAuthenticator extends AbstractClientAuthenticator {
public Set<String> getProtocolAuthenticatorMethods(String loginProtocol) {
if (loginProtocol.equals(OIDCLoginProtocol.LOGIN_PROTOCOL)) {
Set<String> results = new HashSet<>();
results.add(OIDCLoginProtocol.TLS_CLIENT_AUTH);
return results;
} else {
return Collections.emptySet();
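Review bot: `results.add(OIDCLoginProtocol.TLS_CLIENT_AUTH)` in getProtocolAuthenticatorMethods (apparently the added line) makes the server metadata advertise `tls_client_auth`, but nothing here documents what that value commits the server to. In the OAuth mutual-TLS specification (RFC 8705) `tls_client_auth` is the PKI method, meaning a validated certificate chain plus a match on the client's configured subject, and it is distinct from `self_signed_tls_client_auth`. If this authenticator relies on the TLS layer or a reverse proxy for chain validation (not visible in this hunk), that dependency should be stated where the method is advertised. I would add a comment above the add, e.g. `// RFC 8705 PKI method: assumes the client certificate chain was validated before subject matching; self-signed mode is not advertised`. The method's closing lines fall outside the hunk.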


@ -98,6 +98,7 @@ public class OIDCLoginProtocol implements LoginProtocol {
public static final String CLIENT_SECRET_POST = "client_secret_post";
public static final String CLIENT_SECRET_JWT = "client_secret_jwt";
public static final String PRIVATE_KEY_JWT = "private_key_jwt";
public static final String TLS_CLIENT_AUTH = "tls_client_auth";
// https://tools.ietf.org/html/rfc7636#section-4.3
public static final String CODE_CHALLENGE_PARAM = "code_challenge";
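Review bot: `TLS_CLIENT_AUTH` has no reference comment, while the constant group right after it cites its RFC section. A one-line comment above it, such as `// OAuth 2.0 Mutual-TLS Client Authentication (RFC 8705), PKI method`, would tell readers which specification defines the wire value and that it is not the self-signed variant. The existing PKCE comment now sits directly under the new constant, so a separating blank line or the comment above would keep the two from being read together.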


@ -136,7 +136,7 @@ public class OIDCWellKnownProviderTest extends AbstractKeycloakTest {
Assert.assertNames(oidcConfig.getIdTokenEncryptionEncValuesSupported(), JWEConstants.A128CBC_HS256, JWEConstants.A128GCM);
// Client authentication
Assert.assertNames(oidcConfig.getTokenEndpointAuthMethodsSupported(), "client_secret_basic", "client_secret_post", "private_key_jwt", "client_secret_jwt");
Assert.assertNames(oidcConfig.getTokenEndpointAuthMethodsSupported(), "client_secret_basic", "client_secret_post", "private_key_jwt", "client_secret_jwt", "tls_client_auth");
Assert.assertNames(oidcConfig.getTokenEndpointAuthSigningAlgValuesSupported(), Algorithm.RS256);
// Claims