This doesn't sound like what I had in mind for the GSoC project. Also, this is more
implementation details than the higher level design document I was expecting initially.
The main requirements I had in mind for the GSoC project were:
* Ability to generate/upload CA certificate
* Ability to generate SSL certificates for servers, including automatic certificate
management (https://github.com/letsencrypt/acme-spec)
* Ability to download CA certificate or self-signed certificates. This could be to import
into browser, into truststore for clients, etc.
* Ability to revoke certificates
* Ability to view/manage certificates through admin console
What you're proposing sounds more like just what we'd need for authenticating
users/clients with certificates.
----- Original Message -----
From: "Giriraj Sharma" <giriraj.sharma27(a)gmail.com>
To: keycloak-dev(a)lists.jboss.org
Cc: "Stian T" <stian(a)redhat.com>
Sent: Tuesday, February 17, 2015 10:12:41 AM
Subject: Keycloak realm specific Certificate Management System
Hi,
To support *first/initial cut of certificate management* for realm users,
we can have keys and X509 Certificate generation for each individual user
at the time of its creation. This will apply to the realm admin too.
While viewing an individual user for any specific realm in administrative
console, we can have Keys View in addition to Attributes, Credentials, Role
Mappings and Sessions. Keys View (UI) will let user retrieve, validate,
revoke, renew (revoke+generate) and delete (optional) his keys/Certificates.
If it makes sense, I shall start working around it.
--
Giriraj Sharma,
Department of Computer Science
National Institute of Technology Hamirpur
Himachal Pradesh, India