X509 Authentication "Hello World"

Hi there,

I’m trying to learn about client certificate authentication, but I got stuck and hopefully someone can lend me a hand :slight_smile:

  1. I’ve ran Keycloak as a docker image with a self-signed certificate for learning purposes:
    $ docker run -p 8443:8443 --name keycloak -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin quay.io/keycloak/keycloak

  2. Then I’ve followed the docs on how to enable x509 client authenticaiton:
    https://www.keycloak.org/docs/latest/server_admin/index.html#adding-x-509-client-certificate-authentication-to-a-browser-flow]

  3. Now I’m stuck :confused: on how to test it? Because when I access the login form it shows the normal username/password login form.

Note*: if I mark ‘X509/Validate Username Form’ as ‘Required’ and try to access the login form, Keycloak simply returns Invalid username or password.