X.509 smartcard and self-registration

ToniA · March 2, 2024, 5:11pm

I was wondering if it possible to have self-registration using the X.509 certificate on the ID card?

The certificate DN includes everything I need for registering a new user, i.e.

First name
Last name
Identification number

Ideally, I would like to create a new user with these attributes, without a possibility to set any credentials, as only X.509 authentication would be used. Authorization, i.e. roles/groups, would of course need to be done separately.

embesozzi · March 6, 2024, 7:27pm

Yes, it’s possible with custom SPIs. Perhaps it will be easier to solve everything in the authentication journey. I would say some kind of JIT (Just-in-Time Provisioning) based on the user certificate information. Easy peasy

ToniA · March 7, 2024, 8:01am

Would you happen to have any examples, links etc? The best I could find is java - Keycloak Attempting to create a user from information from x509 certificate: AuthenticationFlowException Not found serialized context in clientSession - Stack Overflow

Topic		Replies	Views
X509は発行者dnのみで認証できないか Getting advice	0	127	November 9, 2023
Registration to MSAD with client certificate user ID Configuring the server	0	342	March 16, 2021
Direct grant + automatic user creation + postponed authorization Getting advice	2	353	August 12, 2022
Identity Provider custom UsernameTemplateMapper	0	108	December 18, 2023
Verify self-registered user with credit-card payment Getting advice	0	388	October 27, 2020

X.509 smartcard and self-registration

Related Topics