X509 Validate Username

Hello,

I am using the X509 Validate Username flow. My configuration is below -

In the logs I see that the certificate is being populated in the username field of the request and being validated there. Is this the default behavior? I wanted to map it to a custom field like cert.

Here are the logs of the request -

2024-11-26 17:37:54,391 WARN [org.keycloak.events] (executor-thread-392) type=“LOGIN_ERROR”, realmId=“cb4fd03e-7ddf-4a7c-ade5-06368ee6fea0”, realmName=“KafkaRealm”, clientId=“test”, userId=“null”, ipAddress=“192.168.65.1”, error=“invalid_user_credentials”, x509_cert_subject_distinguished_name=“CN=client, OU=Organizational Unit, O=Organization, L=City, ST=State, C=US”, auth_method=“openid-connect”, grant_type=“password”, x509_cert_issuer_distinguished_name=“CN=YourCA, OU=IT, O=YourOrg, L=City, ST=State, C=US”, client_auth_method=“client-secret”, x509_cert_serial_number=“138687676949265851931717252350970415527624656271”, username=“MIIEVTCCAj0CFBhK+HP00XOOlPTQ+ErbEpZNz0WPMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0ZTENMAsGA1UEBwwEQ2l0eTEQMA4GA1UECgwHWW91ck9yZzELMAkGA1UECwwCSVQxDzANBgNVBAMMBllvdXJDQTAeFw0yNDExMjIwMTUyMjdaFw0yNTExMjIwMTUyMjdaMHIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0ZTENMAsGA1UEBwwEQ2l0eTEVMBMGA1UECgwMT3JnYW5pemF0aW9uMRwwGgYDVQQLDBNPcmdhbml6YXRpb25hbCBVbml0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI+RmPxOd1zcRTVNDmP/8Pvt7UWmbut1qE5RGMbF+g75Px3Y43zL2bVuoHhlnNrj0ye5xAUQhFz1fd5IeWe73dJq0ojWOHsg/hJd6Ngk7ckyr5YWos3Xn6a80zIspP2FgMmn3lqkxyuX2ZbNPNiX+TyKtmOr74spaUsAm41vu8XGjKfmwJ4ATnVlQv1oi+X3jENcTCcZU4R5p+3DRUhR9Qs3V4I6A9G9NHk05zGAW/b6sKcTCxkz7sUqLyFp1K2cuWBvMihNplKZDWiM/ATvAbDR5HeUWlTcqeDe69MljjTw+JdsgqKZEdyjtMNwRDBVooana1QFUiPx6rRg8CRCxfAgMBAAEwDQYJKoZIhvcNAQELBQADggIBALwXwjgp9fkCpEfquJTQd3VqYQByKfvWi/ZchgXw6fHfBiDIgikPbuqk8wF0+QuRxYyH8TL8gA0FssxQOK/ayKqWSSfNE3J69L0QXi1gwLhhjJfR+lUCgtE6FNy0xPkSZtGZEFHtlf8huL9lZA7EZbjGPDAE8BYHtdX6bX8EIU7NJTg2u67AvP2461a1Al5fmNl2jKtT3uVXy+jW0ONZir3ytscZMS1IpqVae0p2zVqySzHaboVpVlBHRramJfpCnslm0ZfPA7vRp7noEt3PlzLCIcJMGSxmmqS8IZz2KroC+/jhKK9IbuqUMz/CHd3NhPZmSmKGPHWFRkQXtl9wIjv2DorKO+ZmMPMpcqPIcAxA08g4OyjV+PjcAWmnnTEi4otKbq4+hW4eQHxjku/e9ffNenMCzBPO07sL5f8ZEUM8JAb1cOic7cel5k57SmrlPt8SjmDywJ0VO10YMKaThBEBCHcK0soQ4cYLtidW7ef+xJovyDvmav2N5rZEXh7VILJ01CYYq0AwMl0N9DmAyDkxC4JREYdNsPI50A4qA6reISN5lDRk54dmWjU7NmGiNIkMQgSLwLNOxHqx82NHOV+DSH/WUQNIhkuDtGgu19pZge2GKwFDJekrU6Qg+629dgcojNTSKNQetvbiNkOmhLqRRbTKLr9gg87S8WzyAQJ+”