From: "Bill Burke" <bburke(a)redhat.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: keycloak-dev(a)lists.jboss.org
Sent: Wednesday, 5 November, 2014 3:12:12 PM
Subject: Re: [keycloak-dev] Certificate on realm

Probably shouldn't be exposing them. I can't think of any reason why we
should.

On 11/5/2014 9:07 AM, Stian Thorgersen wrote:
> Doh! I get it now, the certificate is created from the realm's key-pair.
> Keycloak signs with private key, client checks with certificate.
>
> BTW we're currently exposing the realm private key and the new code secret
> through the admin rest endpoints. This isn't really a good thing, is it?
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke(a)redhat.com>
>> To: keycloak-dev(a)lists.jboss.org
>> Sent: Wednesday, 5 November, 2014 3:01:17 PM
>> Subject: Re: [keycloak-dev] Certificate on realm
>>
>> It is used by SAML. With SAML, there is an IDP XML descriptor and it
>> publishes certificates, not public keys. IMO, we should probably start
>> to move to certificates rather than public keys anyways. Also, if we
>> ever add client cert support, I'd like client certs signed by this realm
>> certificate.
>>
>> On 11/5/2014 8:37 AM, Stian Thorgersen wrote:
>>> What's the purpose of the x509 certificate on the RealmModel and in admin
>>> console? I can't find any usage of it in the code.
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com