I’m working on this as well to get openLDAP working with Keyacloak and mutual SSL. So far, what I have found is the following.
Mutual SSL is turned on using the jboss cli or elytron’s tool that is distributed with wildfly. There isn’t any options in Keycloak’s UI for this. I found the following links helpful in understanding more.
https://docs.wildfly.org/18/WildFly_Elytron_Security.html#configure-ssltls
I’m having a hardtime how this differs with one way ssl where we have already defined where the truststore and keystore are defined in the standalone.xml’s stanza
We already have public certs in the truststore and private keys in the keystore. Not sure why and exactly what using jboss to setup truststores, trustmanagers, and other things does.
I can also see in the undertow subsystem mutual https looks like it is has config in there.
Also, in the socket-binding-group stanza I can see that https-mutual is set to have a different port.
I hope that if anyone else sees this question and has answers, they can add some clarity.