The structure of the docs for X509 certificate authentication is broken.
If I look at the docs for "Kerberos Troubleshooting" in this section: http://www.keycloak.org/docs/latest/server_admin/index.html#troubleshooting there is paragraph "Add system properties -Dsun.security.krb5.debug=true and -Dsun.security.spnego.debug=true" . This should be the last thing related to Kerberos.
Then next part should be the head of the X509 section. Currently there is this:
All the other sections of chapter 6 (6.6 - 6.10) are related to X509 and hence should be instead structured under the X509 section. In other words, the structure and section heads should be something like:
- 6.6 X.509 Client Certificate User Authentication
- 6.6.1 Features
- 6.6.2 Enable X.509 Client Certificate User Authentication
- 6.6.3 Adding X.509 Client Certificate Authentication to a Browser Flow
- 6.6.4 Adding X.509 Client Certificate Authentication to a Direct Grant Flow
- 6.6.5 Troubleshooting