[keycloak-dev] Keycloak realm specific Certificate Management System

Stian Thorgersen stian at redhat.com
Tue Feb 17 10:07:15 EST 2015


This doesn't sound like what I had in mind for the GSoC project. Also, this is more implementation details than the higher level design document I was expecting initially.

Main requirements I had in mind for GSoC project were:

* Ability to generate/upload CA certificate
* Ability to generate SSL certificates for servers, including automatic certificate management (https://github.com/letsencrypt/acme-spec)
* Ability to download CA certificate or self-signed certificates. This could be to import into browser, into truststore for clients, etc.
* Ability to revoke certificates
* Ability to view/manage certificates through admin console

What you're proposing sounds more like just what we'd need to authenticate users/clients with certificates.

----- Original Message -----
> From: "Giriraj Sharma" <giriraj.sharma27 at gmail.com>
> To: keycloak-dev at lists.jboss.org
> Cc: "Stian T" <stian at redhat.com>
> Sent: Tuesday, February 17, 2015 10:12:41 AM
> Subject: Keycloak realm specific Certificate Management System
> 
> Hi,
> 
> To support *first/initial cut of certificate management* for realm users,
> we can have keys and X509 Certificate generation for each individual user
> at the time of its creation. This will imply for realm admin too.
> 
> While viewing an individual user for any specific realm in administrative
> console, we can have Keys View in addition to Attributes, Credentials, Role
> Mappings and Sessions. Keys View (UI) will let user retrieve, validate,
> revoke, renew(revoke+generate) and delete(optional) his keys/Certificates.
> 
> If it makes sense, I shall start working around it.
> 
> --
> Giriraj Sharma,
> Department of Computer Science
> National Institute of Technology Hamirpur
> Himachal Pradesh, India
> 

