[keycloak-user] import SAML keys via command line

Pieter Lukasse pieter at thehyve.nl
Wed Sep 20 05:14:18 EDT 2017


Hi John,

thanks for your replies. I might have caused some confusion by not stating
the question clearly. I did have a screenshot in my initial post, but this
is apparently not allowed...so I will try with words :)

I am referring to the process of importing SAML keys when you are using the
Administration console (from your browser). Go to "Clients" menu item,
select a SAML client, and then click on "SAML Keys" tab. There you can
import the keys. Now I am looking for a command line alternative for this,
so I don't have to use the web page.

Thanks,

Pieter


www.thehyve.nl
E pieter at thehyve.nl
T +31(0)30 700 9713
M +31(0)6 28 18 9540
Skype pieter.lukasse


We empower scientists by building on open source software

2017-09-19 19:04 GMT+02:00 John Dennis <jdennis at redhat.com>:

> On 09/19/2017 11:24 AM, John Dennis wrote:
>
>> On 09/19/2017 06:43 AM, Pieter Lukasse wrote:
>>
>>> Hi,
>>>
>>> I have a .jks file which I would like to import into keycloak using the
>>> command line instead of the "SAML keys" page (in SAML client config
>>> page).
>>>
>>> I cannot find any command for this here
>>> http://www.keycloak.org/docs/3.3/server_admin/topics/admin-cli.html
>>>
>>> Is this just missing or is the documentation incomplete? Can someone help
>>> me on this one?
>>>
>>
>> You can import using the Java keytool utility, but the import format
>> MUST be PKCS12.
>>
>> Note: replace xxx, key.pem & cert.pem with appropriate values, hopefully
>> it should be obvious which xxx matches in each command.
>>
>> First create a .p12 PKCS12 file:
>>
>> % openssl pkcs12 -export -name xxx -passout pass:xxx -in cert.pem -inkey key.pem -out xxx.p12
>>
>> Then import the .p12 PKCS12 file into the keystore:
>>
>> % keytool -importkeystore -srckeystore xxx.p12 -srcstoretype PKCS12 -srcstorepass xxx -destkeystore keycloak.jks -deststorepass xxx -alias xxx
>>
>
> I may have misread your original question, I thought you were asking how
> to import a key. But if all you want to do is import the contents of
> another JAVA keystore then just use -importkeystore -srckeystore JKS. The
> keytool man page has keystore import examples, including both importing an
> entire keystore or just a specific key from the keystore. See the man page
> for details.
>
>
> --
> John
>
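
The two keystore steps quoted above (PEM to PKCS12, then PKCS12 into a JKS), as an added example that is not part of the original thread: it reads the passwords from the environment through openssl's `env:` source and keytool's `:env` modifier, so they stay out of the process argument list, and it checks that the key matches the certificate before packaging. The function names and the `P12_PASS` / `JKS_PASS` variable names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Passwords come from the environment
# (P12_PASS, JKS_PASS: hypothetical names), never from the command line.

# pem_to_p12 CERT.pem KEY.pem ALIAS OUT.p12
pem_to_p12() (
    cert=$1 key=$2 name=$3 out=$4
    : "${P12_PASS:?export P12_PASS first}"
    umask 077   # body runs in a subshell: output is 0600, caller's umask untouched
    # Refuse a certificate/key pair whose public keys differ.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || exit 1
    key_pub=$(openssl pkey -in "$key" -pubout) || exit 1
    [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate" >&2; exit 1; }
    openssl pkcs12 -export -name "$name" -passout env:P12_PASS \
        -in "$cert" -inkey "$key" -out "$out"
)

# p12_to_jks IN.p12 ALIAS DEST.jks
p12_to_jks() (
    src=$1 name=$2 dest=$3
    : "${P12_PASS:?export P12_PASS first}"
    : "${JKS_PASS:?export JKS_PASS first}"
    umask 077
    keytool -importkeystore -noprompt \
        -srckeystore "$src" -srcstoretype PKCS12 -srcstorepass:env P12_PASS \
        -srcalias "$name" -destalias "$name" \
        -destkeystore "$dest" -deststoretype JKS \
        -deststorepass:env JKS_PASS -destkeypass:env JKS_PASS &&
    # Confirm the alias arrived as a private-key entry, not only a certificate.
    keytool -list -keystore "$dest" -storepass:env JKS_PASS -alias "$name" |
        grep -q PrivateKeyEntry
)

# Usage (file names are placeholders):
#   export P12_PASS=... JKS_PASS=...
#   pem_to_p12 cert.pem key.pem saml-signing saml.p12 &&
#       p12_to_jks saml.p12 saml-signing keycloak.jks
```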

