mTLS access but login provider if no certificate provided

Hello,

I have a Nextcloud server behind a Cloudflare Tunnel, everything is working. But I am struggling with limiting access to the server in a way that satisfies my needs.

Use cases:

  1. Browser access from “any” device, preferably by authenticating through an IdP.

  2. Automatic authentication through certificates, enabling apps and programs to access it.

I have figured out how to set up the two ways of authentication, but not the way I want. The IdP login is set up as an application in Zero Trust.
The automatic authentication is set up with a client certificate and mTLS rules.

My goal is for it to work like this: If no valid certificate is provided, the user has to log in through the IdP.
If a valid certificate is provided, the IdP check is bypassed.

Is this possible to achieve?

Thank you very much!

Edit: The mTLS authentication is implemented as a WAF rule.
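One way to express the two-policy setup described above in Terraform, as an added example that is not part of the original post. It assumes the Terraform cloudflare provider v4 resource schema, a placeholder hostname and email domain, and that the client certificate is registered under the Zero Trust Access mTLS settings (a WAF mTLS rule on its own is not something Access policies can evaluate).

```hcl
# Added example, not from the original post. Assumes the cloudflare
# Terraform provider v4 schema; hostname and email domain are placeholders.
variable "zone_id" { type = string }

resource "cloudflare_access_application" "nextcloud" {
  zone_id = var.zone_id
  name    = "Nextcloud"
  domain  = "cloud.example.com" # placeholder hostname
  type    = "self_hosted"
}

# Evaluated first (lowest precedence number): a request presenting a valid
# client certificate is satisfied here without an IdP login (Service Auth).
resource "cloudflare_access_policy" "mtls" {
  application_id = cloudflare_access_application.nextcloud.id
  zone_id        = var.zone_id
  name           = "Valid client certificate"
  precedence     = 1
  decision       = "non_identity"
  include {
    certificate = true # assumed selector name for "valid certificate"
  }
}

# Evaluated next: anything without a valid certificate falls through to
# this policy and must log in through the configured IdP.
resource "cloudflare_access_policy" "idp" {
  application_id = cloudflare_access_application.nextcloud.id
  zone_id        = var.zone_id
  name           = "IdP login"
  precedence     = 2
  decision       = "allow"
  include {
    email_domain = ["example.com"] # placeholder IdP domain
  }
}
```

Requests matching neither policy are denied, so a revoked or expired certificate does not silently fall back to open access; it is sent to the IdP login like any other browser request.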
