[keycloak-dev] SAML adapter configuration - read passwords from credential-store

Stian Thorgersen sthorger at redhat.com
Fri Jul 19 03:54:36 EDT 2019


On Thu, 18 Jul 2019 at 18:38, Daniel Schmidt <list-keycloak at ad-schmidt.de>
wrote:

> Hi,
>
> I am using the SAML Adapter in Wildfly. I am configuring it via Keycloak
> SAML Subsystem in standalone.xml
>
> Currently I am trying to remove all clear-text passwords from this file.
> This also applies to the password-attributes in the <KeyStore>-elements
> of the SAML adapter configuration:
>
> <KeyStore password="REMOVE_THIS"
> file="${jboss.server.config.dir}\saml_keystore.jks">
>     <PrivateKey alias="some_alias" password="REMOVE_THIS"/>
>     <Certificate alias="some_alias"/>
> </KeyStore>
>
> I placed all other credentials in a credential store[1] and replaced the
> password with
> <credential-reference store="credential-store" alias="credential-alias"/>
>
> I found that currently this is not possible with the SAML adapter
> configuration.
>
> Are there any plans/issues to allow the passwords to be read from a
> credential store?
>

It's something we'd like to do, but at the moment we are not able to
prioritize it, so a contribution would be welcome for sure.


>
> If there aren't any: Could you please guide me to a document on how to
> create this issue and the process of submitting a PR for keycloak?
>

See https://github.com/keycloak/keycloak/blob/master/CONTRIBUTING.md


>
> If you have any other ideas regarding this configuration, this would
> also be great.
>
> Best regards
> Daniel Schmidt
>
> [1]:
>
> https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/12/html/how_to_configure_server_security/securely_storing_credentials#credential_store


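An added example, not part of the original thread or of Keycloak: a Python check that lists `password` attributes still held in a configuration file like the `<KeyStore>` snippet quoted above, without echoing the secret itself. The namespace, property names and sample XML are constructed, and treating a bare `${...}` expression as externalised is this example's assumption, not something the thread states.

```python
import re
import xml.etree.ElementTree as ET

# Whole-value property expression: ${name} or ${name:default}
EXPR = re.compile(r"^\$\{([^}:]+)(?::(.*))?\}$")


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def classify(value):
    """Return why a password value is a finding, or None if it is not one."""
    m = EXPR.match(value)
    if m is None:
        return "literal" if value else None
    # ${name:default} still embeds a fallback secret in the file.
    return "expression-default" if m.group(2) else None


def audit(xml_text):
    """List (element, alias-or-file, reason) for passwords kept in the file.

    The secret value is never returned, so the report is safe to log.
    """
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if "password" not in el.attrib:
            continue
        reason = classify(el.attrib["password"])
        if reason:
            where = el.get("alias") or el.get("file") or "?"
            findings.append((local(el.tag), where, reason))
    return findings


# Constructed sample modelled on the <KeyStore> snippet in the message above.
SAMPLE = """<subsystem xmlns="urn:example:constructed-saml-subsystem">
  <KeyStore password="REMOVE_THIS" file="${jboss.server.config.dir}/saml_keystore.jks">
    <PrivateKey alias="some_alias" password="${saml.key.pass:changeit}"/>
    <Certificate alias="some_alias"/>
  </KeyStore>
  <KeyStore password="${saml.store.pass}" file="other.jks"/>
</subsystem>"""

if __name__ == "__main__":
    for element, where, reason in audit(SAMPLE):
        print(f"{element} ({where}): password is {reason}")
```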