Each realm uses a keypair to sign tokens or SAML documents that it sends
to the client/app. This is stored and generated by Keycloak. We don't
have an option to change that.

For HTTPS, you can configure a truststore on the IDP/server side when
the REALM is making background HTTPS requests. This truststore is used
to verify the cert used by the remote connection to encrypt (one-way
SSL). Is this what you mean?

On 1/22/2016 5:30 PM, Jeremy Simon wrote:
ok. You are saying that is limited to HTTPS connection only? If so,
how do I effectively configure "This realm uses this cert or keystore"?
jeremy
jeremy(a)jeremysimon.com
www.JeremySimon.com
On Fri, Jan 22, 2016 at 5:26 PM, Bill Burke <bburke(a)redhat.com> wrote:
> adapter is for the client/application side. For openid connect clients,
> there are no keys generated for the client. The client-keystore is to
> set up SSL trust.
>
> On 1/22/2016 5:17 PM, Jeremy Simon wrote:
>> Hi,
>>
>> I'd like my realm(s) to pull from a keystore file instead of the
>> autogenerated keys in the UI, but I'm not quite sure how to pull it
>> off.
>>
>> In 8.1 (General Adapter Config), you can set a client-keystore but it
>> doesn't seem like what I'm looking for...nor is it clear if you just
>> name it whatever you please or if this goes in keycloak-server.json
>> ("Each adapter supported by Keycloak can be configured by a simple
>> JSON text file"... not descriptive enough). But like I said, this
>> doesn't seem like the right place / scenario.
>>
>> Any direction would be greatly appreciated!
>>
>> jeremy
>> jeremy(a)jeremysimon.com
>> www.JeremySimon.com
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com