I’ve followed several guides. Most seem consistent. I’ve added an ssl-realm and https-listener as such…
```xml
<!-- Legacy security realm: server keystore plus the truststore used to validate client certificates -->
<security-realm name="ssl-realm">
    <server-identities>
        <ssl>
            <keystore path="application.keystore"
                      relative-to="jboss.server.config.dir"
                      keystore-password="password"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="truststore-dod.jks"
                    relative-to="jboss.server.config.dir"
                    keystore-password="password"/>
    </authentication>
</security-realm>

<!-- Undertow HTTPS listener that references the realm above by name -->
<https-listener name="default"
                socket-binding="https"
                security-realm="ssl-realm"
                verify-client="REQUIRED"/>
```
I’ve configured a Realm’s Authentication for an x509/Validate Username Form (and without the Form). I’ve changed the Browser and Direct Grant Flow to the new Authentication Flow.
However, the Browser is NEVER prompted to select my CAC’s certificate. I’m using Keycloak in Docker Desktop and using docker cp to copy changes over to /opt/jboss/keycloak/standalone/configuration/standalone.xml and using the cli tool to restart.
To be honest I don’t see the connection between the Realm and the Listener. I suppose it’s built into the x509/Validate Username Form adapter, but in any case nothing seems to work.
Any help would be appreciated.
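A consistency check for the listener and security-realm wiring shown in the post, as an added example that is not part of the original post or of Keycloak/WildFly. The function names, the placeholder namespace and the `other-realm` name are assumptions made for illustration; the sample XML is constructed from the fragment above.

```python
import xml.etree.ElementTree as ET

def local(tag):
    # Drop the "{namespace}" prefix so the check is schema-version agnostic.
    return tag.rsplit("}", 1)[-1]

def find_all(root, name):
    return [el for el in root.iter() if local(el.tag) == name]

def check_client_cert_wiring(xml_text):
    """Return findings; an empty list means listener and realm are consistent."""
    root = ET.fromstring(xml_text)
    realms = {r.get("name"): r for r in find_all(root, "security-realm")}
    listeners = find_all(root, "https-listener")
    findings = [] if listeners else ["no https-listener defined"]
    for lst in listeners:
        name, ref = lst.get("name"), lst.get("security-realm")
        # Undertow's default is NOT_REQUESTED: the server never asks for a cert.
        mode = lst.get("verify-client", "NOT_REQUESTED")
        if mode not in ("REQUESTED", "REQUIRED"):
            findings.append(f"{name}: verify-client={mode}, no client certificate is requested")
        realm = realms.get(ref)
        if realm is None:
            findings.append(f"{name}: security-realm '{ref}' is not defined")
            continue
        if not find_all(realm, "keystore"):
            findings.append(f"{ref}: no server keystore under server-identities/ssl")
        if not find_all(realm, "truststore"):
            findings.append(f"{ref}: no truststore, client certificates cannot be validated")
    return findings

# Constructed sample (not a real standalone.xml); the namespace is a placeholder.
GOOD = """<server xmlns="urn:example:placeholder">
  <security-realm name="ssl-realm">
    <server-identities><ssl>
      <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password"/>
    </ssl></server-identities>
    <authentication>
      <truststore path="truststore-dod.jks" relative-to="jboss.server.config.dir" keystore-password="password"/>
    </authentication>
  </security-realm>
  <https-listener name="default" socket-binding="https" security-realm="ssl-realm" verify-client="REQUIRED"/>
</server>"""

# Same sample with the two mistakes this check is meant to catch.
BAD = GOOD.replace('security-realm="ssl-realm" verify-client="REQUIRED"', 'security-realm="other-realm"')

if __name__ == "__main__":
    for label, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_client_cert_wiring(doc) or "consistent")
```

Running it against the `standalone.xml` that is actually inside the container, rather than the local copy, confirms whether the `docker cp` step took effect.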