Alright, I get it. Thinking about it, I guess that isn't so bad. I
see there's an endpoint where I can grab cert info, so should be ok.
Thanks!
jeremy
jeremy(a)jeremysimon.com
Each realm uses a keypair to sign tokens or SAML documents that it
sends to the client/app. This is stored and generated by Keycloak. We
don't have an option to change that.
For HTTPS, you can configure a truststore on the IDP/server side when the
REALM is making background HTTPS requests. This truststore is used to
verify the cert used by the remote connection to encrypt (one-way SSL). Is
this what you mean?
On 1/22/2016 5:30 PM, Jeremy Simon wrote:
>
> ok. You are saying that is limited to HTTPS connection only? If so,
> how do I effectively configure "This realm uses this cert or
> keystore"?
> jeremy
> jeremy(a)jeremysimon.com
>
> www.JeremySimon.com
>
>
> On Fri, Jan 22, 2016 at 5:26 PM, Bill Burke <bburke(a)redhat.com> wrote:
>>
>> adapter is for the client/application side. For openid connect clients,
>> there are no keys generated for the client. The client-keystore is to
>> set up SSL trust.
>>
>> On 1/22/2016 5:17 PM, Jeremy Simon wrote:
>>>
>>> Hi,
>>>
>>> I'd like my realm(s) to pull from a keystore file instead of the
>>> autogenerated keys in the UI, but I'm not quite sure how to pull it
>>> off.
>>>
>>> In 8.1 (General Adapter Config), you can set a client-keystore but it
>>> doesn't seem like what I'm looking for...nor is it clear if you just
>>> name it whatever you please or if this goes in keycloak-server.json
>>> ("Each adapter supported by Keycloak can be configured by a simple
>>> JSON text file"... not descriptive enough). But like I said, this
>>> doesn't seem like the right place / scenario.
>>>
>>> Any direction would be greatly appreciated!
>>>
>>> jeremy
>>> jeremy(a)jeremysimon.com
>>>
>>> www.JeremySimon.com
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org
>>>
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>>
>> http://bill.burkecentral.com
>>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
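
The split discussed in this thread (the realm signs with a keypair it holds, the application only needs the public half), shown as an added example that is not from the thread or from Keycloak's code. It assumes the realm's public key has already been fetched as a JWK (`n`, `e`) and that tokens are RS256-signed; the keypair, the `sign_rs256` helper and the claims are constructed sample data.

```python
import base64, hashlib, hmac, json

# DER DigestInfo prefix for SHA-256 in PKCS#1 v1.5 signatures (RFC 8017, 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u_dec(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_enc(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def expected_em(signing_input, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(signing_input) for a k-byte modulus."""
    t = SHA256_PREFIX + hashlib.sha256(signing_input).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_rs256(token, jwk):
    """Return the claims if the signature matches the realm key, else None."""
    try:
        h64, p64, s64 = token.split(".")
        header, sig = json.loads(b64u_dec(h64)), b64u_dec(s64)
    except ValueError:  # wrong part count, bad base64, bad JSON
        return None
    # Pin the algorithm: the token header must not choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        return None
    n = int.from_bytes(b64u_dec(jwk["n"]), "big")
    e = int.from_bytes(b64u_dec(jwk["e"]), "big")
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return None
    em = pow(s, e, n).to_bytes(k, "big")
    if not hmac.compare_digest(em, expected_em(f"{h64}.{p64}".encode(), k)):
        return None
    return json.loads(b64u_dec(p64))

# Constructed toy keypair standing in for a realm key (Mersenne primes: insecure).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
REALM_JWK = {"kty": "RSA", "n": b64u_enc(N.to_bytes(141, "big")),
             "e": b64u_enc(E.to_bytes(3, "big"))}

def sign_rs256(claims):
    """What the server side does with the private half (sample data only)."""
    h64 = b64u_enc(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    p64 = b64u_enc(json.dumps(claims).encode())
    em = int.from_bytes(expected_em(f"{h64}.{p64}".encode(), 141), "big")
    return f"{h64}.{p64}.{b64u_enc(pow(em, D, N).to_bytes(141, 'big'))}"
```

In a deployment the JWK would be fetched over HTTPS, which is where the truststore mentioned above comes in, and the claims (issuer, audience, expiry) still need checking after the signature passes.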