Describe the bug
When using the new admin UI, OAuth 2.0 Mutual TLS Certificate Bound Access Tokens does not work anymore.
After toggling the feature ON in the UI, the access tokens generated by Keycloak are not bound to the provided client certificate (i.e. no cnf claim).
Looking further into this, the culprit is admin-ui/src/clients/advanced/AdvancedSettings.tsx, which sets the related client attribute tls-client-certificate-bound-access-tokens instead of tls.client.certificate.bound.access.tokens.
The latter seems to be the correct value, as evidenced by admin-ui/src/clients/AdvancedTab.tsx and OIDCConfigAttributes.java.
Version
21.0.1
Environment
Browser chrome - version 110.0.5481.178
Expected behavior
The UI can correctly enable client TLS certificate bound access token and have access token generated with cnf claim like below
Actual behavior
The UI toggle for client TLS certificate bound access token sets the wrong client attribute, which results in no activation of the feature at all.
How to Reproduce?
See the README of the hold-of-key-token-issue-reproduction.zip project. It provides a Docker Compose stack to reproduce the issue and a manual correction with a one-line command.
Anything else?
No response
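The check below is an added example, not part of the original report or of Keycloak's code: it flags a client whose toggle was saved under the attribute key the report identifies as wrong, and tests whether an access token's cnf claim matches a client certificate. It assumes the client is available as a dict with a string-valued attributes map, and that cnf follows RFC 8705 (x5t#S256 is the base64url SHA-256 of the certificate's DER encoding); the certificate bytes and token are constructed samples.

```python
import base64
import hashlib
import json

# Attribute keys quoted in the report above.
CORRECT_KEY = "tls.client.certificate.bound.access.tokens"
WRONG_KEY = "tls-client-certificate-bound-access-tokens"


def b64url(data: bytes) -> str:
    """Base64url without padding, as used in JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def audit_client(client: dict) -> str:
    """Classify a client representation by its binding attribute."""
    attrs = client.get("attributes") or {}
    if str(attrs.get(CORRECT_KEY, "")).lower() == "true":
        return "bound"
    if str(attrs.get(WRONG_KEY, "")).lower() == "true":
        return "misconfigured"  # set under the key the report calls wrong
    return "disabled"


def jwt_claims(token: str) -> dict:
    """Decode the JWT payload for inspection; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def is_bound_to(token: str, cert_der: bytes) -> bool:
    """True only if the token carries cnf.x5t#S256 for this certificate."""
    cnf = jwt_claims(token).get("cnf")
    if not isinstance(cnf, dict):
        return False  # the symptom described in the report: no cnf claim
    return cnf.get("x5t#S256") == b64url(hashlib.sha256(cert_der).digest())


# Constructed sample data (not taken from the report).
CERT_DER = b"constructed stand-in for a client certificate's DER bytes"


def constructed_token(claims: dict) -> str:
    """Build a JWT-shaped string with a dummy signature for the demo."""
    seg = lambda obj: b64url(json.dumps(obj).encode())
    return ".".join([seg({"alg": "RS256", "typ": "JWT"}), seg(claims), "c2ln"])
```

A resource server must still verify the token signature before trusting the cnf claim; this snippet only inspects it.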