You can upload client certs for SAML clients, but I think we have an
attribute size problem for large cert chains.

On 1/27/2016 5:17 AM, Stian Thorgersen wrote:
We don't support uploading the realm keys through
the admin console at the moment. However, you should be able to
use the admin endpoints to manually set it. Should be relatively
easy to add though, so you can create a JIRA to request it, but
you're actually the first to request it.

With regard to clients we don't have an elegant way to
deal with this. What we have is if the public key is not
specified in the client config it will download it from
Keycloak at startup, so if you restart your clients after
creating new keys it should work. Ideally Keycloak should send
a message to the clients to notify them that the keys have
changed so they can re-fetch from Keycloak, but that hasn't
been implemented yet. Again, feel free to request that.
keycloak-user mailing list
JBoss, a division of Red Hat