We're in the process of rotating one of our realm certificates. I'm aware
that Keycloak can have multiple active and/or passive key providers
configured but it looks like Keycloak will only ever use the single active
key provider with the highest priority for signing.
I'm pretty sure the answer is no but is there any way of configuring
Keycloak to use a specific active key provider when signing for a specific
client? Having that feature would make the key rotation process slightly
easier if you have to coordinate the rotation timing with multiple clients
that can only hardcode a single certificate/public key to trust.
Jared
Show replies by date