Re: [keycloak-dev] Keycloak realm specific Certificate Management System

From: "Bill Burke" <bburke(a)redhat.com&gt; To: keycloak-dev(a)lists.jboss.org Sent: Tuesday, February 17, 2015 3:58:50 PM Subject: Re: [keycloak-dev] Keycloak realm specific Certificate Management System I think that many companies will want to manage keypairs/certificates themselves. I'm thinking that we'll want to have an option for users to set up client-certs themselves. For example, think of OTP. We have a switch that requires the user to set up OTP when then log in. We could provide the same for client certs where the user uploads their certificate the first time they log in.

On 2/17/2015 4:12 AM, Giriraj Sharma wrote: > Hi, > > To support *first/initial cut of certificate management *for realm > users, we can have keys and X509 Certificate generation for each > individual user at the time of its creation. This will imply for realm > admin too. > > While viewing an individual user for any specific realm in > administrative console, we can have Keys View in addition to Attributes, > Credentials, Role Mappings and Sessions. Keys View (UI) will let user > retrieve, validate, revoke, renew(revoke+generate) and delete(optional) > his keys/Certificates. > > If it makes sense, I shall start working around it. > > -- > Giriraj Sharma, > Department of Computer Science > National Institute of Technology Hamirpur > Himachal Pradesh, India > > > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev