:)

Bill can confirm, but I think -Djavax.net.ssl.trustStore should work on the adapter side, and using the adapter 'truststore' property is optional. If set, it overrides the Java runtime truststore config; if not, the Java runtime truststore is used.

On Fri, Feb 19, 2016 at 5:01 PM, Bill Burke <bburke@redhat.com> wrote:
So, how do you like the new keycloak logo?


On 2/19/2016 10:55 AM, Marko Strukelj wrote:
That's just an expression used when someone steers the thread into an unrelated topic :)

On Fri, Feb 19, 2016 at 4:39 PM, Jeremy Simon <jeremy@jeremysimon.com> wrote:

Sorry, I simply misunderstood.  Not trying to hijack anything... What good would that do??

On Feb 19, 2016 9:53 AM, "Marko Strukelj" <mstrukel@redhat.com> wrote:
Please don't hijack a thread. These sound like two separate issues. Here we are talking about getting the client adapter to connect to an HTTPS-protected Keycloak server - which requires that some truststore is used by the HttpClient library used by the adapter.

What you are talking about - realm keys - is something completely different, and has nothing to do with a truststore.

On Fri, Feb 19, 2016 at 3:10 PM, Jeremy Simon <jeremy@jeremysimon.com> wrote:
Hey there,

I had asked about this a while ago too.  Far as I know, the current
implementation uses the jks for the HTTPS communication only.  All
realms generate their own key pair.

Now to get around that, maybe you could export a realm to JSON, put in
what you want for the key information and import it as a new realm or
server configuration.  That might be a little crazy.  The more I
thought about it, since the realm key pairs are for signing and
encrypting the JWTs (or SAML), that it's kinda nice you can hit a key
and generate new ones in case of a compromise...or to keep stuff
revolving.

Hope that helps!

jeremy
jeremy@jeremysimon.com
www.JeremySimon.com


On Fri, Feb 19, 2016 at 8:41 AM, Jérôme Revillard <jrevillard@gnubila.fr> wrote:
> Any advice for this please?
>
> Best,
> Jerome
>
>
> On 17/02/2016 11:19, Jérôme Revillard wrote:
>
> Yes, it seems to be the case for the server, but not for the clients. See
> the truststore config description here:
> https://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#adapter-config
>
> Best,
> Jerome
>
> On 17/02/2016 11:09, Bruno Oliveira wrote:
>
> I'm not sure if I got your question in the right way. But from my
> understanding Java truststore is the standard fall back.
>
> See item 3.2.5
> https://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html
>
> On Wed, Feb 17, 2016 at 6:07 AM Jérôme Revillard <jrevillard@gnubila.fr>
> wrote:
>>
>> Dear all,
>>
>> I'm testing now a Keycloak server properly configured with https
>> configuration.
>> The server certificate is one which is already known by the default Java
>> truststore.
>> Would it be possible to set up the keycloak.json adapter config to use
>> this default Java truststore?
>>
>> Best,
>> Jerome
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user@lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
