Stian,

I more or less meant the same :)

For the first/initial implementation:

Consider a use case:
Company X uploads its keycloak-server.json to the KC auth server.
As the user will upload/create a new realm, the realm will be initialized by auto-generated keys/certificates.

We do have a Keys tab in the admin console for a realm. When the admin clicks on Keys, he will be shown his auto-generated keys/certificates.
Now, the admin will have an option to either keep those keys/certs or delete them and upload his own. It will provide upload/download functionality. These keys/certs will represent CA keys/certs.

Talking about users, each user will be initialized with auto-generated keys/certs at the time of its creation.
While viewing an individual user for any specific realm in the administrative console, we can have a Keys View in addition to Attributes, Credentials, Role Mappings and Sessions.

The Keys View (UI) will initially show the auto-generated keys/cert to the user, where he can perform all CA operations.
The Keys View (UI) will let the user upload, download, retrieve, validate, revoke, renew (revoke+generate) and delete (optional) his keys/certificates.

Once the first-class requirements are done, we can look forward to:
* Ability to generate SSL certificates for servers, including automatic certificate management (https://github.com/letsencrypt/acme-spec)




On Tue, Feb 17, 2015 at 8:40 PM, Bill Burke <bburke@redhat.com> wrote:


On 2/17/2015 10:08 AM, Stian Thorgersen wrote:
>
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke@redhat.com>
>> To: keycloak-dev@lists.jboss.org
>> Sent: Tuesday, February 17, 2015 3:58:50 PM
>> Subject: Re: [keycloak-dev] Keycloak realm specific Certificate Management System
>>
>> I think that many companies will want to manage keypairs/certificates
>> themselves.  I'm thinking that we'll want to have an option for users to
>> set up client-certs themselves.  For example, think of OTP.  We have a
>> switch that requires the user to set up OTP when they log in.  We could
>> provide the same for client certs where the user uploads their
>> certificate the first time they log in.
>
> Aren't certs just for clients, and so wouldn't they upload/generate certs for an app through the admin console?
>

I'm not sure.  That's the problem.  I just think that many companies
might have their own certificate management systems.

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

--
Giriraj Sharma,
Department of Computer Science
National Institute of Technology Hamirpur
Himachal Pradesh, India