[keycloak-user] Multiple Client Certificate Support?

Carrasco, Jonathan J (173F) jonathan.j.carrasco at jpl.nasa.gov
Tue Apr 3 17:36:05 EDT 2018


Hello Everyone,

General question… does Keycloak support multiple certificates with different expirations, to allow for rolling client cert updates?

For example, I have Keycloak with “cert1”, and I registered Client1 with “cert1” and Client2 with “cert1”.  Now “cert1” expires.

Am I able to support two certificates, where I add/update Keycloak with “cert2”… so now there’s an old “cert1” and new “cert2” on Keycloak, and Client1 will reach Keycloak with old “cert1” and determine it needs the new “cert2”? And have this not break Client2 which will reach Keycloak at a later date with old “cert1” again.

Or… do I have to update Keycloak cert and re-federate all client applications or else they will break until they have the updated cert?

Thank you for your attention.
--
Jonathan Carrasco (173F)
Jet Propulsion Laboratory – California Institute of Technology

