<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
So, how do you like the new keycloak logo?<br>
<br>
<div class="moz-cite-prefix">On 2/19/2016 10:55 AM, Marko Strukelj
wrote:<br>
</div>
<blockquote
cite="mid:CA+1OW+gGBZDFwyhS7LW5Wm2QMFjiS6wOZcrfAVfoJV3oYvyQiw@mail.gmail.com"
type="cite">
<div dir="ltr">That's just an expression used when someone steers
the thread into an unrelated topic :)<br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Feb 19, 2016 at 4:39 PM,
Jeremy Simon <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:jeremy@jeremysimon.com" target="_blank">jeremy@jeremysimon.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<p dir="ltr">Sorry, I simply misunderstood. Not try to
hijack anything... What good would that do??</p>
<div class="HOEnZb">
<div class="h5">
<div class="gmail_quote">On Feb 19, 2016 9:53 AM,
"Marko Strukelj" <<a moz-do-not-send="true"
href="mailto:mstrukel@redhat.com" target="_blank">mstrukel@redhat.com</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Please don't hijack a thread. These
sound like two separate issues. Here we are
talking about getting client adapter to connect
to https protected Keycloak server - which
requires that some truststore is used by
HttpClient library used by adapter.
<div><br>
</div>
<div>What you are talking about - realm keys -
is something completely different, and has
nothing to do with a truststore.</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Feb 19, 2016 at
3:10 PM, Jeremy Simon <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:jeremy@jeremysimon.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:jeremy@jeremysimon.com">jeremy@jeremysimon.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">Hey there,<br>
<br>
I had asked about this a while ago too. Far
as I know, the current<br>
implementation uses the jks for the HTTPS
communication only. All<br>
realms generate their own key pair.<br>
<br>
Now to get around that, maybe you could
export a realm to JSON, put in<br>
what you want for the key information and
import it as a new realm or<br>
server configuration. That might be a
little crazy. The more I<br>
thought about it, since the realm key pairs
are for signing and<br>
encrypting the JWTs (or saml), that it's
kinda nice you can hit a key<br>
and generate new ones in case of a
compromise...or to keep stuff<br>
revolving.<br>
<br>
Hope that helps!<br>
<br>
jeremy<br>
<a moz-do-not-send="true"
href="mailto:jeremy@jeremysimon.com"
target="_blank">jeremy@jeremysimon.com</a><br>
<a moz-do-not-send="true"
href="http://www.JeremySimon.com"
rel="noreferrer" target="_blank">www.JeremySimon.com</a><br>
<div>
<div><br>
<br>
On Fri, Feb 19, 2016 at 8:41 AM, Jérôme
Revillard <<a moz-do-not-send="true"
href="mailto:jrevillard@gnubila.fr"
target="_blank">jrevillard@gnubila.fr</a>>
wrote:<br>
> Any advise for this please ?<br>
><br>
> Best,<br>
> Jerome<br>
><br>
><br>
> Le 17/02/2016 11:19, Jérôme
Revillard a écrit :<br>
><br>
> Yes, it seems to be the case for
the server, but not for the clients. See<br>
> the trustore config description
here:<br>
> <a moz-do-not-send="true"
href="https://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#adapter-config"
rel="noreferrer" target="_blank">https://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#adapter-config</a><br>
><br>
> Best,<br>
> Jerome<br>
><br>
> Le 17/02/2016 11:09, Bruno Oliveira
a écrit :<br>
><br>
> I'm not sure if I got your question
in the right way. But from my<br>
> understanding Java truststore is
the standard fall back.<br>
><br>
> See item 3.2.5<br>
> <a moz-do-not-send="true"
href="https://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html"
rel="noreferrer" target="_blank">https://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html</a><br>
><br>
> On Wed, Feb 17, 2016 at 6:07 AM
Jérôme Revillard <<a
moz-do-not-send="true"
href="mailto:jrevillard@gnubila.fr"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:jrevillard@gnubila.fr">jrevillard@gnubila.fr</a></a>><br>
> wrote:<br>
>><br>
>> Dear all,<br>
>><br>
>> I'm testing now a Keycloak
server properly configured with https<br>
>> configuration.<br>
>> The server certificate is one
which is already known by the default
java<br>
>> trustore.<br>
>> Would it be possible to setup
the keycloak.json adapter config to use<br>
>> this default java trustore ?<br>
>><br>
>> Best,<br>
>> Jerome<br>
>><br>
>>
_______________________________________________<br>
>> keycloak-user mailing list<br>
>> <a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org"
target="_blank">keycloak-user@lists.jboss.org</a><br>
>> <a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
><br>
><br>
>
_______________________________________________<br>
> keycloak-user mailing list<br>
> <a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org"
target="_blank">keycloak-user@lists.jboss.org</a><br>
> <a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
><br>
>
_______________________________________________<br>
> keycloak-user mailing list<br>
> <a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org"
target="_blank">keycloak-user@lists.jboss.org</a><br>
> <a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org"
target="_blank">keycloak-user@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org"
target="_blank">keycloak-user@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Bill Burke
JBoss, a division of Red Hat
<a class="moz-txt-link-freetext" href="http://bill.burkecentral.com">http://bill.burkecentral.com</a></pre>
</body>
</html>