Re: [keycloak-user] Adapter trustore: use default java trustore possible ?

That's just an expression used when someone steers the thread into an unrelated topic :) On Fri, Feb 19, 2016 at 4:39 PM, Jeremy Simon <jeremy(a)jeremysimon.com <mailto:jeremy@jeremysimon.com>> wrote: Sorry, I simply misunderstood. Not try to hijack anything... What good would that do?? On Feb 19, 2016 9:53 AM, "Marko Strukelj" <mstrukel(a)redhat.com <mailto:mstrukel@redhat.com>> wrote: Please don't hijack a thread. These sound like two separate issues. Here we are talking about getting client adapter to connect to https protected Keycloak server - which requires that some truststore is used by HttpClient library used by adapter. What you are talking about - realm keys - is something completely different, and has nothing to do with a truststore. On Fri, Feb 19, 2016 at 3:10 PM, Jeremy Simon <jeremy(a)jeremysimon.com <mailto:jeremy@jeremysimon.com>> wrote: Hey there, I had asked about this a while ago too. Far as I know, the current implementation uses the jks for the HTTPS communication only. All realms generate their own key pair. Now to get around that, maybe you could export a realm to JSON, put in what you want for the key information and import it as a new realm or server configuration. That might be a little crazy. The more I thought about it, since the realm key pairs are for signing and encrypting the JWTs (or saml), that it's kinda nice you can hit a key and generate new ones in case of a compromise...or to keep stuff revolving. Hope that helps! jeremy jeremy(a)jeremysimon.com <mailto:jeremy@jeremysimon.com> www.JeremySimon.com <http://www.JeremySimon.com> On Fri, Feb 19, 2016 at 8:41 AM, Jérôme Revillard <jrevillard(a)gnubila.fr <mailto:jrevillard@gnubila.fr>> wrote: > Any advise for this please ? > > Best, > Jerome > > > Le 17/02/2016 11:19, Jérôme Revillard a écrit : > > Yes, it seems to be the case for the server, but not for the clients. See > the trustore config description here: > https://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#... > > Best, > Jerome > > Le 17/02/2016 11:09, Bruno Oliveira a écrit : > > I'm not sure if I got your question in the right way. But from my > understanding Java truststore is the standard fall back. > > See item 3.2.5 > https://keycloak.github.io/docs/userguide/keycloak-server/html/server-ins... > > On Wed, Feb 17, 2016 at 6:07 AM Jérôme Revillard <jrevillard(a)gnubila.fr <mailto:jrevillard@gnubila.fr>> > wrote: >> >> Dear all, >> >> I'm testing now a Keycloak server properly configured with https >> configuration. >> The server certificate is one which is already known by the default java >> trustore. >> Would it be possible to setup the keycloak.json adapter config to use >> this default java trustore ? >> >> Best, >> Jerome >> >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> >> https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user