[keycloak-dev] Certificate on realm

Bill Burke bburke at redhat.com
Wed Nov 5 09:12:12 EST 2014


Probably shouldn't be exposing them.  I can't think of any reason why we 
should.

On 11/5/2014 9:07 AM, Stian Thorgersen wrote:
> Doh! I get it now, the certificate is created from the realm's key-pair. Keycloak signs with private key, client checks with certificate.
>
> BTW we're currently exposing the realm private key and the new code secret through the admin rest endpoints. This isn't really a good thing, is it?
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Wednesday, 5 November, 2014 3:01:17 PM
>> Subject: Re: [keycloak-dev] Certificate on realm
>>
>> It is used by SAML.  With SAML, there is an IDP XML descriptor and it
>> publishes certificates, not public keys.  IMO, we should probably start
>> to move to certificates rather than public keys anyways.  Also, if we
>> ever add client cert support, I'd like client certs signed by this realm
>> certificate.
>>
>> On 11/5/2014 8:37 AM, Stian Thorgersen wrote:
>>> What's the purpose of the x509 certificate on the RealmModel and in admin
>>> console? I can't find any usage of it in the code.
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com