cd-rite
commented
1 year ago Hi @decafgeek The example uses a custom provider modified from this project that extends the built-in X.509 authenticator. The custom provider will create a new user account if a certificate cannot be mapped to an existing account. It did require some (I believe, minimal) changes from the base project. I'll see if I can find them for you.
Just FYI - This repo is just designed to demonstrate the principles involved in getting STIGMan running behind nginx with x509 authentication, That user creator extension is not required for STIG Manager and is just included to streamline that demo. It would probably not be included in any production deployment!
Would it be possible to post the source to the custom KC provider used in this orchestration example? The provided JAR file does not appear to 'play nice' with later versions of KeyCloak due to changes in dependencies that are no longer present in Quarkus (JAX-RS?), so the code--in addition to understanding what goes on behind the scenes--would be helpful to try and resolve those issues going forward.