
I am trying to implement a federated OIDC authenticator in WSO2 Identity Server 5.2.0. After I succeeded in configuring this connection, the federated authenticator implemented more strict security rules. Clients do have to authenticate with a client certificate. I have imported the signing authority into the client trust store and the client certificate into the wso2carbon keystore. Running the code standalone with these keystores works fine. So I have no issue with the keystores.

But when I run the code in Wso2 with ssl debug I see the output:


    *** CertificateRequest
    Cert Types: RSA, DSS, ECDSA
    Supported Signature Algorithms: SHA256withECDSA, SHA384withECDSA, SHA512withECDSA, Unknown (hash:0x8, signature:0x7), Unknown (hash:0x8, signature:0x9), Unknown (hash:0x8, signature:0xa), Unknown (hash:0x8, signature:0xb), Unknown (hash:0x8, signature:0x4), Unknown (hash:0x8, signature:0x5), Unknown (hash:0x8, signature:0x6), SHA256withRSA, SHA384withRSA, SHA512withRSA, Unknown (hash:0x3, signature:0x3), SHA1withECDSA, Unknown (hash:0x3, signature:0x1), SHA1withRSA, Unknown (hash:0x3, signature:0x2), SHA1withDSA, SHA256withDSA, Unknown (hash:0x5, signature:0x2), Unknown (hash:0x6, signature:0x2)
    Cert Authorities:
    <CN=TTP...>
    <OU=VeriSign...>
    <CN=TTP..>
    <CN=INSI...>
    http-nio-9443-exec-46, READ: TLSv1.2 Handshake, length = 4
    *** ServerHelloDone
    Warning: no suitable certificate found - continuing without client authentication
    *** Certificate chain
    <Empty>
    ***

The client certificate cannot be found. In the standalone code the client certificate is found using the same keystores.

Is there some extra configuration needed in Wso2?

Sjaak
  • Did you make sure that the 'clientAuth' attribute in the Connector tag is set to either "want" or "true" in the /repository/conf/tomcat/catalina-server.xml file? – sathya Jun 01 '18 at 17:27
  • Yes, clientAuth = want. But I think this property indicates that a client can send a client certificate to Identity Server. The issue I am facing is that Identity Server itself must send a client certificate to a federated authenticator. – Sjaak Jun 02 '18 at 04:47
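The "no suitable certificate found" warning in the debug output is emitted when no key entry in the keystore the JVM is actually using passes the two tests JSSE's default X509KeyManager applies in chooseClientAlias(): the key algorithm must be one of the requested Cert Types, and some certificate in the chain must be issued by one of the listed Cert Authorities. The following standalone diagnostic, an added example and not code from the post or from WSO2, replays those two tests against a keystore file; the keystore path, password and issuer DN are placeholders to be replaced with the values from the handshake log.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.security.auth.x500.X500Principal;

/** Reports which key entries would satisfy a given TLS CertificateRequest. */
public class ClientCertCheck {

    static boolean matchesRequest(Certificate[] chain, List<String> keyTypes,
                                  List<X500Principal> issuers) {
        if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
            return false;
        }
        X509Certificate leaf = (X509Certificate) chain[0];
        // Test 1: leaf key algorithm must match a requested cert type (RSA, DSA for DSS, EC for ECDSA).
        if (!keyTypes.contains(leaf.getPublicKey().getAlgorithm())) {
            return false;
        }
        // Test 2: some certificate in the chain must be issued by a CA the server named.
        // An empty Cert Authorities list means the server accepts any issuer.
        if (issuers.isEmpty()) {
            return true;
        }
        for (Certificate c : chain) {
            if (c instanceof X509Certificate
                    && issuers.contains(((X509Certificate) c).getIssuerX500Principal())) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream("/path/to/wso2carbon.jks")) { // placeholder path
            ks.load(in, "changeit".toCharArray());                                 // placeholder password
        }
        // Placeholder for the Cert Authorities DNs printed in the ssl debug output.
        List<X500Principal> issuers = Arrays.asList(new X500Principal("CN=Example Issuing CA, O=Example"));
        List<String> keyTypes = Arrays.asList("RSA", "DSA", "EC");
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue; // trusted-cert entries can never be offered as client certs
            boolean ok = matchesRequest(ks.getCertificateChain(alias), keyTypes, issuers);
            System.out.println(alias + (ok ? ": usable for this CertificateRequest" : ": would be skipped"));
        }
    }
}
```

If every alias is reported as skipped while the standalone run succeeds, the difference is in which keystore (or which trust of the issuing CA chain) the server process loads, not in the certificate itself.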
