<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
    You can upload client certs for SAML clients, but I think we have an
    attribute size problem for large cert chains.<br>
<br>
<div class="moz-cite-prefix">On 1/27/2016 5:17 AM, Stian Thorgersen
wrote:<br>
</div>
<blockquote
cite="mid:CAJgngAdpFn=fTb6bq_0qGXuMuit_ZO0ibq=Ea46u-ewiRfrYpg@mail.gmail.com"
type="cite">
<div dir="ltr">We don't support uploading the realm keys through
the admin console at the moment. However, you should be able to
use the admin endpoints to manually set it. Should be relatively
easy to add though, so you can create a JIRA to request it, but
you're actually the first to request it.<br>
<div><br>
</div>
<div>With regards to clients we don't have an elegant way to
deal with this. What we have is if the public key is not
specified in the client config it will download it from
Keycloak at startup, so if you restart your clients after
creating new keys it should work. Ideally Keycloak should send
a message to the clients to notify them that the keys have
changed so they can re-fetch from Keycloak, but that hasn't
been implemented yet. Again, feel free to request that.</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 25 January 2016 at 11:50, Raghuram
          Prabhala <span dir="ltr">&lt;<a moz-do-not-send="true"
              href="mailto:prabhalar@yahoo.com" target="_blank">prabhalar@yahoo.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div
style="color:#000;background-color:#fff;font-family:Courier
New,courier,monaco,monospace,sans-serif;font-size:13px">
<div><span>Dev team - any comments on the commercial
certificates instead of the ones created by
Keycloak?</span></div>
<div><span><br>
</span></div>
<div><span>Raghu</span></div>
<div><br>
</div>
<div style="display:block">
<div style="font-family:Courier
New,courier,monaco,monospace,sans-serif;font-size:13px">
<div style="font-family:HelveticaNeue,Helvetica
Neue,Helvetica,Arial,Lucida
Grande,sans-serif;font-size:16px">
<div class="hm HOEnZb">
<div dir="ltr"> <font size="2" face="Arial">
<hr size="1"> <b><span
style="font-weight:bold">From:</span></b>
                          Raghuram Prabhala &lt;<a moz-do-not-send="true"
                            href="mailto:prabhalar@yahoo.com" target="_blank">prabhalar@yahoo.com</a>&gt;<br>
<b><span style="font-weight:bold">To:</span></b>
                          Keycloak-user &lt;<a moz-do-not-send="true"
                            href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>&gt;
<br>
<b><span style="font-weight:bold">Sent:</span></b>
Thursday, January 21, 2016 2:23 PM<br>
<b><span style="font-weight:bold">Subject:</span></b>
Realm Certificate from commercial Vendors<br>
</font> </div>
</div>
<span class="">
<div><br>
<div>
<div>
<div
style="color:#000;background-color:#fff;font-family:Courier
New,courier,monaco,monospace,sans-serif;font-size:13px">
<div><br>
</div>
                              <div>I have a question about the
                                Certificate/private key which is
                                generated today by Keycloak. But
                                rather than use that certificate, is
                                there any way we can use a commercial
                                Certificate from Vendors like
                                Verisign? When that certificate
                                expires, how do we generate/upload a
                                new certificate (lifecycle) and handle
                                the switch over to a new certificate
                                with minimal impact to any of the
                                clients who will have to download the
                                new certificate and use it when KC
                                starts using the new one?</div>
<div dir="ltr"><br>
</div>
<div dir="ltr"><br>
</div>
</div>
</div>
</div>
<br>
<br>
</div>
</span></div>
</div>
</div>
</div>
</div>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Bill Burke
JBoss, a division of Red Hat
<a class="moz-txt-link-freetext" href="http://bill.burkecentral.com">http://bill.burkecentral.com</a></pre>
</body>
</html>