<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
I think you'd be better served having public clients and developing
cert auth for users via our auth spi, as these are users aren't
they? They aren't clients in the sense of what Keycloak thinks of
as a client. A client in keycloak is really a service or web app.<br>
<br>
<div class="moz-cite-prefix">On 1/13/2016 2:43 AM, Stian Thorgersen
wrote:<br>
</div>
<blockquote
cite="mid:CAJgngAcUH=CSwHFXh5xzyzMxgCrxM0RfnVTR5KsdNN9qTCMiHQ@mail.gmail.com"
type="cite">
<div dir="ltr">As Bill said we haven't tested with loads of
clients, but we need to be able to scale to hundreds or probably
thousand clients at least. So if you run into issues with it let
us know and we'll look into it.</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 13 January 2016 at 01:18,
Aikeaguinea <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:aikeaguinea@xsmail.com" target="_blank">aikeaguinea@xsmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">I'd say
we're talking on the order of a hundred to start with; this<br>
could ramp up to multiples of that within a year or two. I
imagine the<br>
thing to do would be for us to do some stress testing of our
own.<br>
<div class="HOEnZb">
<div class="h5"><br>
On Tue, Jan 12, 2016, at 06:57 PM, Bill Burke wrote:<br>
> How many devices you talking about? I think it may
become an issue as<br>
> we haven't really stressed and benched with tons
(hundreds/thousands) of<br>
> clients.<br>
><br>
> On 1/12/2016 6:08 PM, Aikeaguinea wrote:<br>
> > We have a number of devices that need to
access APIs; for various<br>
> > reasons we need to use client certificates for
this purpose.<br>
> ><br>
> > I have noticed that Keycloak will allow
service accounts to authenticate<br>
> > using client certificates and that these
certificates can be generated<br>
> > within Keycloak. This looks like it fits our
needs well -- when we set<br>
> > up a new device we would need to set up a new
client and service account<br>
> > for it in Keycloak. I've verified through
testing that we can make this<br>
> > work.<br>
> ><br>
> > Ultimately we may have to manage a fairly
large number of devices, say<br>
> > in the hundreds. Is there any reason that
Keycloak would limit us in the<br>
> > number of clients we could create and manage
in this way?<br>
> ><br>
><br>
> --<br>
> Bill Burke<br>
> JBoss, a division of Red Hat<br>
> <a moz-do-not-send="true"
href="http://bill.burkecentral.com" rel="noreferrer"
target="_blank">http://bill.burkecentral.com</a><br>
><br>
> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
<br>
<br>
</div>
</div>
<span class="HOEnZb"><font color="#888888">--<br>
Aikeaguinea<br>
<a moz-do-not-send="true"
href="mailto:aikeaguinea@xsmail.com">aikeaguinea@xsmail.com</a><br>
<br>
--<br>
<a moz-do-not-send="true" href="http://www.fastmail.com"
rel="noreferrer" target="_blank">http://www.fastmail.com</a>
- Or how I learned to stop worrying and<br>
love email again<br>
</font></span>
<div class="HOEnZb">
<div class="h5"><br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Bill Burke
JBoss, a division of Red Hat
<a class="moz-txt-link-freetext" href="http://bill.burkecentral.com">http://bill.burkecentral.com</a></pre>
</body>
</html>