<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Ok thanks I will check and let you know if I have problems.<br>
<br>
Best,<br>
Jerome<br>
<br>
<div class="moz-cite-prefix">Le 19/02/2016 17:13, Marko Strukelj a
écrit :<br>
</div>
<blockquote
cite="mid:CA+1OW+hWREMq-7Nq3jjKUo_eVko-QbSqptdsXbMww5Z6oAn2PQ@mail.gmail.com"
type="cite">
<div dir="ltr">:)
<div><br>
</div>
<div>Bill can confirm, but I think -Djavax.net.ssl.trustStore
should work on the adapter side, and using adapter
'truststore' property is optional. If set it overrides Java
runtime trustore config, if not java runtime truststore is
used.</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Feb 19, 2016 at 5:01 PM, Bill
Burke <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> So, how do you like
the new keycloak logo?
<div>
<div class="h5"><br>
<br>
<div>On 2/19/2016 10:55 AM, Marko Strukelj wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">That's just an expression used when
someone steers the thread into an unrelated topic
:)<br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Feb 19, 2016 at
4:39 PM, Jeremy Simon <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:jeremy@jeremysimon.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:jeremy@jeremysimon.com">jeremy@jeremysimon.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">
<p dir="ltr">Sorry, I simply misunderstood.
Not try to hijack anything... What good
would that do??</p>
<div>
<div>
<div class="gmail_quote">On Feb 19, 2016
9:53 AM, "Marko Strukelj" <<a
moz-do-not-send="true"
href="mailto:mstrukel@redhat.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:mstrukel@redhat.com">mstrukel@redhat.com</a></a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div dir="ltr">Please don't hijack a
thread. These sound like two
separate issues. Here we are
talking about getting client
adapter to connect to https
protected Keycloak server - which
requires that some truststore is
used by HttpClient library used by
adapter.
<div><br>
</div>
<div>What you are talking about -
realm keys - is something
completely different, and has
nothing to do with a truststore.</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri,
Feb 19, 2016 at 3:10 PM, Jeremy
Simon <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:jeremy@jeremysimon.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:jeremy@jeremysimon.com">jeremy@jeremysimon.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">Hey
there,<br>
<br>
I had asked about this a while
ago too. Far as I know, the
current<br>
implementation uses the jks
for the HTTPS communication
only. All<br>
realms generate their own key
pair.<br>
<br>
Now to get around that, maybe
you could export a realm to
JSON, put in<br>
what you want for the key
information and import it as a
new realm or<br>
server configuration. That
might be a little crazy. The
more I<br>
thought about it, since the
realm key pairs are for
signing and<br>
encrypting the JWTs (or saml),
that it's kinda nice you can
hit a key<br>
and generate new ones in case
of a compromise...or to keep
stuff<br>
revolving.<br>
<br>
Hope that helps!<br>
<br>
jeremy<br>
<a moz-do-not-send="true"
href="mailto:jeremy@jeremysimon.com"
target="_blank">jeremy@jeremysimon.com</a><br>
<a moz-do-not-send="true"
href="http://www.JeremySimon.com"
rel="noreferrer"
target="_blank">www.JeremySimon.com</a><br>
<div>
<div><br>
<br>
On Fri, Feb 19, 2016 at
8:41 AM, Jérôme Revillard
<<a
moz-do-not-send="true"
href="mailto:jrevillard@gnubila.fr"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:jrevillard@gnubila.fr">jrevillard@gnubila.fr</a></a>>
wrote:<br>
> Any advise for this
please ?<br>
><br>
> Best,<br>
> Jerome<br>
><br>
><br>
> Le 17/02/2016 11:19,
Jérôme Revillard a écrit :<br>
><br>
> Yes, it seems to be
the case for the server,
but not for the clients.
See<br>
> the trustore config
description here:<br>
> <a
moz-do-not-send="true"
href="https://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#adapter-config"
rel="noreferrer"
target="_blank"><a class="moz-txt-link-freetext" href="https://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#adapter-config">https://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#adapter-config</a></a><br>
><br>
> Best,<br>
> Jerome<br>
><br>
> Le 17/02/2016 11:09,
Bruno Oliveira a écrit :<br>
><br>
> I'm not sure if I got
your question in the right
way. But from my<br>
> understanding Java
truststore is the standard
fall back.<br>
><br>
> See item 3.2.5<br>
> <a
moz-do-not-send="true"
href="https://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html"
rel="noreferrer"
target="_blank"><a class="moz-txt-link-freetext" href="https://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html">https://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html</a></a><br>
><br>
> On Wed, Feb 17, 2016
at 6:07 AM Jérôme
Revillard <<a
moz-do-not-send="true"
href="mailto:jrevillard@gnubila.fr"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:jrevillard@gnubila.fr">jrevillard@gnubila.fr</a></a>><br>
> wrote:<br>
>><br>
>> Dear all,<br>
>><br>
>> I'm testing now a
Keycloak server properly
configured with https<br>
>> configuration.<br>
>> The server
certificate is one which
is already known by the
default java<br>
>> trustore.<br>
>> Would it be
possible to setup the
keycloak.json adapter
config to use<br>
>> this default java
trustore ?<br>
>><br>
>> Best,<br>
>> Jerome<br>
>><br>
>>
_______________________________________________<br>
>> keycloak-user
mailing list<br>
>> <a
moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a></a><br>
>> <a
moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer"
target="_blank"><a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></a><br>
><br>
><br>
><br>
>
_______________________________________________<br>
> keycloak-user mailing
list<br>
> <a
moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a></a><br>
> <a
moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer"
target="_blank"><a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></a><br>
><br>
><br>
>
_______________________________________________<br>
> keycloak-user mailing
list<br>
> <a
moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a></a><br>
> <a
moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer"
target="_blank"><a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></a><br>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer"
target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org"
target="_blank">keycloak-user@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
keycloak-user mailing list
<a moz-do-not-send="true" href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
</div>
<span class="HOEnZb"><font color="#888888">
<pre cols="72">--
Bill Burke
JBoss, a division of Red Hat
<a moz-do-not-send="true" href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a></pre>
</font></span></div>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
</body>
</html>