[keycloak-dev] Certificate on realm
Stian Thorgersen
stian at redhat.com
Wed Nov 5 09:07:39 EST 2014
Doh! I get it now, the certificate is created from the realms key-pair. Keycloak signs with private key, client checks with certificate.
BTW we're currently exposing the realm private key and the new code secret through the admin rest endpoints. This isn't really a good thing is it?
----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Wednesday, 5 November, 2014 3:01:17 PM
> Subject: Re: [keycloak-dev] Certificate on realm
>
> It is used by SAML. With SAML, there is an IDP XML descriptor and it
> publishes certificates, not public keys. IMO, we should probably start
> to move to certificates rather than public keys anyways. Also, if we
> ever add client cert support, I'd like client certs signed by this realm
> certificate.
>
> On 11/5/2014 8:37 AM, Stian Thorgersen wrote:
> > What's the purpose of the x509 certificate on the RealmModel and in admin
> > console? I can't find any usage of it in the code.
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list