Re: [keycloak-user] Adapter trustore: use default java trustore possible ?

So, how do you like the new keycloak logo? On 2/19/2016 10:55 AM, Marko Strukelj wrote: That's just an expression used when someone steers the thread into an unrelated topic :) On Fri, Feb 19, 2016 at 4:39 PM, Jeremy Simon <jeremy(a)jeremysimon.com&gt; wrote: > Sorry, I simply misunderstood. Not try to hijack anything... What good > would that do?? > On Feb 19, 2016 9:53 AM, "Marko Strukelj" <mstrukel(a)redhat.com&gt; wrote: > >> Please don't hijack a thread. These sound like two separate issues. Here >> we are talking about getting client adapter to connect to https protected >> Keycloak server - which requires that some truststore is used by HttpClient >> library used by adapter. >> >> What you are talking about - realm keys - is something completely >> different, and has nothing to do with a truststore. >> >> On Fri, Feb 19, 2016 at 3:10 PM, Jeremy Simon < <jeremy(a)jeremysimon.com&gt; >> jeremy(a)jeremysimon.com&gt; wrote: >> >>> Hey there, >>> >>> I had asked about this a while ago too. Far as I know, the current >>> implementation uses the jks for the HTTPS communication only. All >>> realms generate their own key pair. >>> >>> Now to get around that, maybe you could export a realm to JSON, put in >>> what you want for the key information and import it as a new realm or >>> server configuration. That might be a little crazy. The more I >>> thought about it, since the realm key pairs are for signing and >>> encrypting the JWTs (or saml), that it's kinda nice you can hit a key >>> and generate new ones in case of a compromise...or to keep stuff >>> revolving. >>> >>> Hope that helps! >>> >>> jeremy >>> jeremy(a)jeremysimon.com >>> www.JeremySimon.com >>> >>> >>> On Fri, Feb 19, 2016 at 8:41 AM, Jérôme Revillard < >>> jrevillard(a)gnubila.fr&gt; wrote: >>> > Any advise for this please ? >>> > >>> > Best, >>> > Jerome >>> > >>> > >>> > Le 17/02/2016 11:19, Jérôme Revillard a écrit : >>> > >>> > Yes, it seems to be the case for the server, but not for the clients. >>> See >>> > the trustore config description here: >>> > >>> https://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#... >>> > >>> > Best, >>> > Jerome >>> > >>> > Le 17/02/2016 11:09, Bruno Oliveira a écrit : >>> > >>> > I'm not sure if I got your question in the right way. But from my >>> > understanding Java truststore is the standard fall back. >>> > >>> > See item 3.2.5 >>> > >>> https://keycloak.github.io/docs/userguide/keycloak-server/html/server-ins... >>> > >>> > On Wed, Feb 17, 2016 at 6:07 AM Jérôme Revillard < >>> <jrevillard@gnubila.fr&gt;jrevillard(a)gnubila.fr&gt; >>> > wrote: >>> >> >>> >> Dear all, >>> >> >>> >> I'm testing now a Keycloak server properly configured with https >>> >> configuration. >>> >> The server certificate is one which is already known by the default >>> java >>> >> trustore. >>> >> Would it be possible to setup the keycloak.json adapter config to use >>> >> this default java trustore ? >>> >> >>> >> Best, >>> >> Jerome >>> >> >>> >> _______________________________________________ >>> >> keycloak-user mailing list >>> >> keycloak-user(a)lists.jboss.org >>> >> https://lists.jboss.org/mailman/listinfo/keycloak-user >>> > >>> > >>> > >>> > _______________________________________________ >>> > keycloak-user mailing list >>> > keycloak-user(a)lists.jboss.org >>> > https://lists.jboss.org/mailman/listinfo/keycloak-user >>> > >>> > >>> > _______________________________________________ >>> > keycloak-user mailing list >>> > keycloak-user(a)lists.jboss.org >>> > https://lists.jboss.org/mailman/listinfo/keycloak-user >>> >>> _______________________________________________ >>> keycloak-user mailing list >>> keycloak-user(a)lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>> >> >> >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> > _______________________________________________ keycloak-user mailing listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user -- Bill Burke JBoss, a division of Red Hathttp://bill.burkecentral.com _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user