I want to setup authentication to KeyCloak using X509 user certificate. We currently using AD, and every user has it own X509 certificate. I cannot use CN as username, as we have few duplicated user CN withing AD. My plan was to use certificate DN as username. Let say our certificates has following DN: DC=dom,DC=company,OU=city,CN=user name,E=user.name@company.com. I was managed to cut last portion of DN using regex, (mutch subject DN using regex), but the format of the user Distinguished name from active directory is different, vise versa to certificate. CN=user name,OU=city,DC=company,DC=dom. And therefore i cannot use it as username field to match.
Is there any way to implement such authentication? Some kind of ad mapper which can convert ВТ so some custom field and than use it for match?