[keycloak-dev] Keycloak realm specific Certificate Management System
Giriraj Sharma
giriraj.sharma27 at gmail.com
Tue Feb 17 10:56:33 EST 2015
*Once first class requirements are done, we can look forward to*
* Ability to generate SSL certificates for servers, including automatic
certificate management (https://github.com/letsencrypt/acme-spec)
On Tue, Feb 17, 2015 at 9:18 PM, Giriraj Sharma <giriraj.sharma27 at gmail.com>
wrote:
> Stian,
>
> I more or less meant the same :)
>
> *For the first/initial implementation:*
>
> Consider a use case :-
> *Company X uploads his keycloak-server.json to KC auth server.*
> *As the user will upload/create a new realm, the realm will be initialized
> by auto-generated keys/certificates.*
>
> We do have keys tab in admin console for a realm. When admin will click
> upon keys, he will be shown his auto-generated keys/certificates.
> Now, *admin will have an option to either keep those keys/certs or else
> delete them and upload his own*. It will provide upload/download
> functionality. These keys/certs will represent CA key/certs.
>
> Talking about users, each user will be initialized with auto-generated
> keys/certs at the time of its creation.
> While viewing an individual user for any specific realm in administrative
> console, we can have Keys View in addition to Attributes, Credentials, Role
> Mappings and Sessions.
>
> *Keys View (UI) will initially show auto generated keys/cert to the user
> where he can perform all CA operations.*
> *Keys View (UI) will let user upload, download, retrieve, validate,
> revoke, renew(revoke+generate) and delete(optional) his keys/Certificates*
> .
>
> *Once first class requirements are done, we can look forward to*
> * Ability to generate SSL certificates for servers, including automatic
> certificate management (https://github.com/letsencrypt/acme-spec)
>
>
>
>
> On Tue, Feb 17, 2015 at 8:40 PM, Bill Burke <bburke at redhat.com> wrote:
>
>>
>>
>> On 2/17/2015 10:08 AM, Stian Thorgersen wrote:
>> >
>> >
>> > ----- Original Message -----
>> >> From: "Bill Burke" <bburke at redhat.com>
>> >> To: keycloak-dev at lists.jboss.org
>> >> Sent: Tuesday, February 17, 2015 3:58:50 PM
>> >> Subject: Re: [keycloak-dev] Keycloak realm specific Certificate
>> Management System
>> >>
>> >> I think that many companies will want to manage keypairs/certificates
>> >> themselves. I'm thinking that we'll want to have an option for users
>> to
>> >> set up client-certs themselves. For example, think of OTP. We have a
>> >> switch that requires the user to set up OTP when then log in. We could
>> >> provide the same for client certs where the user uploads their
>> >> certificate the first time they log in.
>> >
>> > Aren't certs just for clients, and so wouldn't they upload/generate
>> certs for an app through the admin console?
>> >
>>
>> I'm not sure. That's the problem. I just think that many companies
>> might have their own certificate management systems.
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
>
>
> --
> Giriraj Sharma,
> Department of Computer Science
> National Institute of Technology Hamirpur
> Himachal Pradesh, India
>
--
Giriraj Sharma,
Department of Computer Science
National Institute of Technology Hamirpur
Himachal Pradesh, India
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20150217/7cc9f688/attachment.html
More information about the keycloak-dev
mailing list