[keycloak-dev] SAML adapter configuration - read passwords from credential-store
Daniel Schmidt
list-keycloak at ad-schmidt.de
Thu Jul 18 10:54:17 EDT 2019
Hi,
I am using the SAML Adapter in Wildfly. I am configuring it via the Keycloak
SAML Subsystem in standalone.xml.
Currently I am trying to remove all clear-text passwords from this file.
This also applies to the password-attributes in the <KeyStore>-elements
of the SAML adapter configuration:
    <KeyStore password="REMOVE_THIS"
              file="${jboss.server.config.dir}\saml_keystore.jks">
        <PrivateKey alias="some_alias" password="REMOVE_THIS"/>
        <Certificate alias="some_alias"/>
    </KeyStore>
I placed all other credentials in a credential store[1] and replaced the
password with
    <credential-reference store="credential-store" alias="credential-alias"/>
I found that currently this is not possible with the SAML adapter
configuration.
Are there any plans/issues to allow the passwords to be read from a
credential store?
If there aren't any: Could you please guide me to a document on how to
create this issue and the process of submitting a PR for keycloak?
If you have any other ideas regarding this configuration, this would
also be great.
Best regards
Daniel Schmidt
[1]:
https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/12/html/how_to_configure_server_security/securely_storing_credentials#credential_store
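
Added example, not part of the original message and not Keycloak or WildFly code: a small audit that lists every <KeyStore> and <PrivateKey> element whose password attribute still holds a value stored in the file, without printing the value itself. The sample XML, its wrapper elements and the namespace URI are constructed; treating a whole-value `${...}` expression as "not stored in the file" is an assumption, and `${name:default}` is reported because the default sits in the file.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the <KeyStore> block from the post plus a second,
# made-up one; wrapper elements and namespace URI are placeholders.
SAMPLE = r"""<subsystem xmlns="urn:example:placeholder">
  <SP entityID="sp-one"><Keys><Key signing="true">
    <KeyStore password="REMOVE_THIS" file="${jboss.server.config.dir}\saml_keystore.jks">
      <PrivateKey alias="some_alias" password="REMOVE_THIS"/>
      <Certificate alias="some_alias"/>
    </KeyStore>
  </Key></Keys></SP>
  <SP entityID="sp-two"><Keys><Key signing="true">
    <KeyStore password="${keystore.pass}" file="ks.jks">
      <PrivateKey alias="a" password="${key.pass:changeit}"/>
    </KeyStore>
  </Key></Keys></SP>
</subsystem>"""

EXPR = re.compile(r"^\$\{([^}]+)\}$")      # value is one ${...} expression
SINGLE_COLON = re.compile(r"(?<!:):(?!:)")  # "name:default", but not "::"
CHECKED = {"KeyStore", "PrivateKey"}

def classify(value):
    """Return 'literal', 'expression-default' or 'expression'."""
    m = EXPR.match(value)
    if not m:
        return "literal"
    # ${name:default} keeps a fallback value in the configuration file
    return "expression-default" if SINGLE_COLON.search(m.group(1)) else "expression"

def audit(xml_text):
    """List (element, alias-or-file, kind) for passwords kept in the file."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]     # drop the "{namespace}" prefix
        pw = el.get("password")
        if tag in CHECKED and pw is not None:
            kind = classify(pw)
            if kind != "expression":
                # Identify the element, never echo the secret itself
                findings.append((tag, el.get("alias") or el.get("file"), kind))
    return findings

if __name__ == "__main__":
    for tag, ident, kind in audit(SAMPLE):
        print(f"{tag} ({ident}): password is {kind}")
```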