<div dir="ltr">:)<div><br></div><div>Bill can confirm, but I think -Djavax.net.ssl.trustStore should work on the adapter side, and using adapter 'truststore' property is optional. If set it overrides Java runtime trustore config, if not java runtime truststore is used.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Feb 19, 2016 at 5:01 PM, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
So, how do you like the new keycloak logo?<div><div class="h5"><br>
<br>
<div>On 2/19/2016 10:55 AM, Marko Strukelj
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">That's just an expression used when someone steers
the thread into an unrelated topic :)<br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Feb 19, 2016 at 4:39 PM,
Jeremy Simon <span dir="ltr"><<a href="mailto:jeremy@jeremysimon.com" target="_blank">jeremy@jeremysimon.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<p dir="ltr">Sorry, I simply misunderstood. Not try to
hijack anything... What good would that do??</p>
<div>
<div>
<div class="gmail_quote">On Feb 19, 2016 9:53 AM,
"Marko Strukelj" <<a href="mailto:mstrukel@redhat.com" target="_blank">mstrukel@redhat.com</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Please don't hijack a thread. These
sound like two separate issues. Here we are
talking about getting client adapter to connect
to https protected Keycloak server - which
requires that some truststore is used by
HttpClient library used by adapter.
<div><br>
</div>
<div>What you are talking about - realm keys -
is something completely different, and has
nothing to do with a truststore.</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Feb 19, 2016 at
3:10 PM, Jeremy Simon <span dir="ltr"><<a href="mailto:jeremy@jeremysimon.com" target="_blank"></a><a href="mailto:jeremy@jeremysimon.com" target="_blank">jeremy@jeremysimon.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hey there,<br>
<br>
I had asked about this a while ago too. Far
as I know, the current<br>
implementation uses the jks for the HTTPS
communication only. All<br>
realms generate their own key pair.<br>
<br>
Now to get around that, maybe you could
export a realm to JSON, put in<br>
what you want for the key information and
import it as a new realm or<br>
server configuration. That might be a
little crazy. The more I<br>
thought about it, since the realm key pairs
are for signing and<br>
encrypting the JWTs (or saml), that it's
kinda nice you can hit a key<br>
and generate new ones in case of a
compromise...or to keep stuff<br>
revolving.<br>
<br>
Hope that helps!<br>
<br>
jeremy<br>
<a href="mailto:jeremy@jeremysimon.com" target="_blank">jeremy@jeremysimon.com</a><br>
<a href="http://www.JeremySimon.com" rel="noreferrer" target="_blank">www.JeremySimon.com</a><br>
<div>
<div><br>
<br>
On Fri, Feb 19, 2016 at 8:41 AM, Jérôme
Revillard <<a href="mailto:jrevillard@gnubila.fr" target="_blank">jrevillard@gnubila.fr</a>>
wrote:<br>
> Any advise for this please ?<br>
><br>
> Best,<br>
> Jerome<br>
><br>
><br>
> Le 17/02/2016 11:19, Jérôme
Revillard a écrit :<br>
><br>
> Yes, it seems to be the case for
the server, but not for the clients. See<br>
> the trustore config description
here:<br>
> <a href="https://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#adapter-config" rel="noreferrer" target="_blank">https://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#adapter-config</a><br>
><br>
> Best,<br>
> Jerome<br>
><br>
> Le 17/02/2016 11:09, Bruno Oliveira
a écrit :<br>
><br>
> I'm not sure if I got your question
in the right way. But from my<br>
> understanding Java truststore is
the standard fall back.<br>
><br>
> See item 3.2.5<br>
> <a href="https://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html" rel="noreferrer" target="_blank">https://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html</a><br>
><br>
> On Wed, Feb 17, 2016 at 6:07 AM
Jérôme Revillard <<a href="mailto:jrevillard@gnubila.fr" target="_blank"></a><a href="mailto:jrevillard@gnubila.fr" target="_blank">jrevillard@gnubila.fr</a>><br>
> wrote:<br>
>><br>
>> Dear all,<br>
>><br>
>> I'm testing now a Keycloak
server properly configured with https<br>
>> configuration.<br>
>> The server certificate is one
which is already known by the default
java<br>
>> trustore.<br>
>> Would it be possible to setup
the keycloak.json adapter config to use<br>
>> this default java trustore ?<br>
>><br>
>> Best,<br>
>> Jerome<br>
>><br>
>>
_______________________________________________<br>
>> keycloak-user mailing list<br>
>> <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
>> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
><br>
><br>
>
_______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
><br>
>
_______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div></div><span class="HOEnZb"><font color="#888888"><pre cols="72">--
Bill Burke
JBoss, a division of Red Hat
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a></pre>
</font></span></div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>