[keycloak-dev] Keycloak realm specific Certificate Management System

Stian Thorgersen stian at redhat.com
Tue Feb 17 10:08:13 EST 2015



----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Tuesday, February 17, 2015 3:58:50 PM
> Subject: Re: [keycloak-dev] Keycloak realm specific Certificate Management System
> 
> I think that many companies will want to manage keypairs/certificates
> themselves.  I'm thinking that we'll want to have an option for users to
> set up client-certs themselves.  For example, think of OTP.  We have a
> switch that requires the user to set up OTP when then log in.  We could
> provide the same for client certs where the user uploads their
> certificate the first time they log in.

Aren't certs just for clients, and so wouldn't they upload/generate certs for an app through the admin console?

> 
> On 2/17/2015 4:12 AM, Giriraj Sharma wrote:
> > Hi,
> >
> > To support *first/initial cut of certificate management *for realm
> > users, we can have  keys and X509 Certificate generation for each
> > individual user at the time of its creation. This will imply for realm
> > admin too.
> >
> > While viewing an individual user for any specific realm in
> > administrative console, we can have Keys View in addition to Attributes,
> > Credentials, Role Mappings and Sessions. Keys View (UI) will let user
> > retrieve, validate, revoke, renew(revoke+generate) and delete(optional)
> > his keys/Certificates.
> >
> > If it makes sense, I shall start working around it.
> >
> > --
> > Giriraj Sharma,
> > Department of Computer Science
> > National Institute of Technology Hamirpur
> > Himachal Pradesh, India
> >
> >
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> 


More information about the keycloak-dev mailing list