Probably shouldn't be exposing them. I can't think of any reason why we
should.
On 11/5/2014 9:07 AM, Stian Thorgersen wrote:
Doh! I get it now, the certificate is created from the realm's
key-pair. Keycloak signs with private key, client checks with certificate.
BTW we're currently exposing the realm private key and the new code secret through
the admin rest endpoints. This isn't really a good thing, is it?
----- Original Message -----
> From: "Bill Burke" <bburke(a)redhat.com>
> To: keycloak-dev(a)lists.jboss.org
> Sent: Wednesday, 5 November, 2014 3:01:17 PM
> Subject: Re: [keycloak-dev] Certificate on realm
>
> It is used by SAML. With SAML, there is an IDP XML descriptor and it
> publishes certificates, not public keys. IMO, we should probably start
> to move to certificates rather than public keys anyways. Also, if we
> ever add client cert support, I'd like client certs signed by this realm
> certificate.
>
> On 11/5/2014 8:37 AM, Stian Thorgersen wrote:
>> What's the purpose of the x509 certificate on the RealmModel and in admin
>> console? I can't find any usage of it in the code.
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com