Doh! I get it now, the certificate is created from the realm's key pair. Keycloak signs
with the private key, client checks with the certificate.

BTW, we're currently exposing the realm private key and the new code secret through the
admin REST endpoints. This isn't really a good thing, is it?

----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Wednesday, 5 November, 2014 3:01:17 PM
Subject: Re: [keycloak-dev] Certificate on realm

It is used by SAML. With SAML, there is an IDP XML descriptor and it
publishes certificates, not public keys. IMO, we should probably start
to move to certificates rather than public keys anyways. Also, if we
ever add client cert support, I'd like client certs signed by this realm
certificate.

On 11/5/2014 8:37 AM, Stian Thorgersen wrote:
> What's the purpose of the x509 certificate on the RealmModel and in admin
> console? I can't find any usage of it in the code.
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com