Dynamic client registration

This topic contains 1 reply, has 1 voice, and was last updated by  pratik.sayare 3 weeks ago.

  • #26985
     pratik.sayare 
    Participant

    Hi,

    I am trying to do dynamic client registration Example with Mutual TLS Authentication
    https://backstage.forgerock.com/docs/am/6.5/oauth2-guide/#register-oauth2-client-dynamic-mTLS

    Using a self-signed certificate, I can register the client successfully. I use a random value in tls_client_auth_subject_dn and can still register the client successfully. Is this expected?

    When I changed token_endpoint_auth_method to tls_client_auth with a random tls_client_auth_subject_dn (self-signed certificate not added to the secret store), I can still register the client successfully. As per my understanding, with tls_client_auth the registration should fail. Let me know if I am missing any configuration for the correct behavior.

    #26986
     pratik.sayare 
    Participant

    Below is my request:

    curl -k --request POST --header "Content-Type: application/json" --data '{
    "tls_client_auth_x509_cert": "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",
    "client_type": "Confidential",
    "grant_types": ["authorization_code", "client_credentials"],
    "response_types": ["code", "token"],
    "redirect_uris": ["https://client.example.com:8443/callback"],
    "token_endpoint_auth_method": "tls_client_auth",
    "tls_client_auth_subject_dn": "CN=myOauth2Clientxxxxx",
    "tls_client_certificate_bound_access_tokens": true
    }' https://test.com:8443/am1/oauth2/realms/root/realms/123/register
