[keycloak-dev] Keycloak realm specific Certificate Management System
Giriraj Sharma
giriraj.sharma27 at gmail.com
Tue Feb 17 10:48:12 EST 2015
Stian,
I more or less meant the same :)
*For the first/initial implementation:*
Consider a use case :-
*Company X uploads his keycloak-server.json to KC auth server.*
*As the user will upload/create a new realm, the realm will be initialized
by auto-generated keys/certificates.*
We do have keys tab in admin console for a realm. When admin will click
upon keys, he will be shown his auto-generated keys/certificates.
Now, *admin will have an option to either keep those keys/certs or else
delete them and upload his own*. It will provide upload/download
functionality. These keys/certs will represent CA key/certs.
Talking about users, each user will be initialized with auto-generated
keys/certs at the time of its creation.
While viewing an individual user for any specific realm in administrative
console, we can have Keys View in addition to Attributes, Credentials, Role
Mappings and Sessions.
*Keys View (UI) will initially show auto generated keys/cert to the user
where he can perform all CA operations.*
*Keys View (UI) will let user upload, download, retrieve, validate, revoke,
renew(revoke+generate) and delete(optional) his keys/Certificates*.
*Once first class requirements are done, we can look forward to*
* Ability to generate SSL certificates for servers, including automatic
certificate management (https://github.com/letsencrypt/acme-spec)
On Tue, Feb 17, 2015 at 8:40 PM, Bill Burke <bburke at redhat.com> wrote:
>
>
> On 2/17/2015 10:08 AM, Stian Thorgersen wrote:
> >
> >
> > ----- Original Message -----
> >> From: "Bill Burke" <bburke at redhat.com>
> >> To: keycloak-dev at lists.jboss.org
> >> Sent: Tuesday, February 17, 2015 3:58:50 PM
> >> Subject: Re: [keycloak-dev] Keycloak realm specific Certificate
> Management System
> >>
> >> I think that many companies will want to manage keypairs/certificates
> >> themselves. I'm thinking that we'll want to have an option for users to
> >> set up client-certs themselves. For example, think of OTP. We have a
> >> switch that requires the user to set up OTP when then log in. We could
> >> provide the same for client certs where the user uploads their
> >> certificate the first time they log in.
> >
> > Aren't certs just for clients, and so wouldn't they upload/generate
> certs for an app through the admin console?
> >
>
> I'm not sure. That's the problem. I just think that many companies
> might have their own certificate management systems.
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
Giriraj Sharma,
Department of Computer Science
National Institute of Technology Hamirpur
Himachal Pradesh, India
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20150217/e2850d9f/attachment-0001.html
More information about the keycloak-dev
mailing list