- Keycloak must be configured to request the client certificate. To configure this, see the item "Enable X.509 Client Certificate User Authentication" in the Keycloak guide.
- Keycloak must be running.
- The project must be compiled and installed with the following deploy command:
$ ./mvnw clean install wildfly:deploy
- Copy the "login-icpbrasil-info.ftl" file to the folder "themes/base/login" inside the Keycloak install directory.
- Log in to the administrative console.
- Go to the "Authentication" page. In the "Flows" tab you will see the current authentication flows. It's not possible to alter the defaults, so you have to create a new flow or copy an existing one. Copy the "Browser" flow.
- In your copy, click "Add Execution". Select "ICPBrasil/Validate Username Form" and click "Save".
- Move the item "ICPBrasil/Validate Username Form" so that it is before "Browser Forms". Enable it by selecting "ALTERNATIVE" in the "Requirement" column. Configure it by going to the "Actions" column and clicking "Config".
- In the configuration, under "User Identity Source", select one of the options related to ICPBrasil (Subject's CPF, Subject's CNPJ, Subject's CPF or CNPJ). Under "User mapping method", select "Username or Email". In the "A name of user attribute" field, enter "uid".
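
To make the "User Identity Source" choice concrete, here is an added example (not this project's code) of how a CPF or CNPJ is read from an ICP-Brasil certificate's subjectAltName otherName fields and sanity-checked before it is matched against a user. It assumes the otherName values are already decoded to strings; the function names, the sample values and the CPF-before-CNPJ order are assumptions.

```python
import re

# ICP-Brasil otherName OIDs carried in subjectAltName.
OID_PF = "2.16.76.1.3.1"  # birth date (8) + CPF (11) + NIS (11) + RG (15) + issuer/UF
OID_PJ = "2.16.76.1.3.3"  # CNPJ (14)

CPF_WEIGHTS = (range(10, 1, -1), range(11, 1, -1))
CNPJ_WEIGHTS = ((5, 4, 3, 2, 9, 8, 7, 6, 5, 4, 3, 2),
                (6, 5, 4, 3, 2, 9, 8, 7, 6, 5, 4, 3, 2))

def _with_check_digits(base, weight_sets):
    """Append the two mod-11 check digits to the base number."""
    digits = [int(c) for c in base]
    for weights in weight_sets:
        rest = sum(d * w for d, w in zip(digits, weights)) % 11
        digits.append(0 if rest < 2 else 11 - rest)
    return "".join(map(str, digits))

def _valid(number, length, weight_sets):
    # Reject wrong shapes and filler values such as an all-zero CPF, which
    # passes the check-digit arithmetic but identifies nobody.
    if not re.fullmatch(r"\d{%d}" % length, number) or len(set(number)) == 1:
        return False
    return _with_check_digits(number[:length - 2], weight_sets) == number

def extract_cpf(othernames):
    cpf = othernames.get(OID_PF, "")[8:19]  # skip the 8-digit birth date
    return cpf if _valid(cpf, 11, CPF_WEIGHTS) else None

def extract_cnpj(othernames):
    cnpj = othernames.get(OID_PJ, "")[:14]
    return cnpj if _valid(cnpj, 14, CNPJ_WEIGHTS) else None

def user_identity(othernames):
    """'CPF or CNPJ' behaviour (assumed order): CPF first, then CNPJ."""
    return extract_cpf(othernames) or extract_cnpj(othernames)

# Constructed sample values, not taken from any real certificate.
SAMPLE_PF = {OID_PF: "01011980" + "52998224725" + "0" * 11 + "0" * 15 + "SSPSP"}
SAMPLE_PJ = {OID_PJ: "11222333000181"}

if __name__ == "__main__":
    print(user_identity(SAMPLE_PF), user_identity(SAMPLE_PJ))
```

With the mapping above, a user is found only when the extracted digits equal that user's "uid" attribute, so store the attribute as digits only, without punctuation.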