[keycloak-user] Set key at realm creation or replace an existing key

triton oidc triton.oidc at gmail.com
Wed Aug 8 10:41:26 EDT 2018


Hi Sebastien,

Thanks a lot for the answer, that's the thing I was looking for, something
like this, and I didn't think of looking in this direction.
I should be able to make it work.

@Dmitry
If I can make it work, your solution seems pretty cool too.
Should I succeed, I'll explain how, if it can help someone else.

Thanks again

Amaury


On Wed, Aug 8, 2018 at 12:42 PM, Dmitry Telegin <dt at acutus.pro> wrote:

> Hi,
>
> Sebastian has answered you already, but here's another method that might
> be helpful for you or someone else...
>
> Realm keys are stored as "component configs"
> (o.k.models.jpa.entities.ComponentConfigEntity)
> If I'm not mistaken, these are exposed via REST
> (o.k.services.resources.admin.ComponentResource)
> So theoretically you should be able to modify them on a live realm. Didn't
> try this with kcadm, but feel free to try yourself and report :)
>
> Dmitry Telegin
> CTO, Acutus s.r.o.
> Keycloak Consulting and Training
>
> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> +42 (022) 888-30-71
> E-mail: info at acutus.pro
>
> On Wed, 2018-08-08 at 09:47 +0000, triton oidc wrote:
> > Hi,
> >
> > I'm trying to do an OpenShift-based implementation.
> >
> > Two servers (Keycloak and a relying party RP).
> > They cannot communicate, but the RP is supposed to verify Keycloak's token.
> > For that it needs to have the public key of the realm.
> >
> > When my pod (Docker instance) restarts, I re-create the same realm, with the
> > same clientID,
> > but of course the realm's key is a newly generated one.
> >
> > I saw in an old documentation that it was possible to upload a key
> > https://www.keycloak.org/docs/1.9/server_admin_guide/topics/realms/keys.html
> >
> > I didn't find the certificate in the JSON from
> > kcadm.sh get realms
> > so I don't think it's going to help using a
> > kcadm.sh create realm --file [my_json_with_the_certificate_in_it]
> >
> > What I would like to do is set the key at the realm creation, or modify it
> > just after its creation.
> >
> > If anyone has a clue, or can just confirm to me that it's not possible
> >
> > Thanks a lot
> >
> > Amaury