[keycloak-user] Spring Security Adapter - setting properties vs keycloak.json
Chris Savory
chris.savory at edlogics.com
Tue Dec 6 09:23:17 EST 2016
You could use the KeycloakConfigResolver. It’s meant for multi-tenant scenarios, but you could just configure one (or many) Keycloak realms via that java object.
--
Christopher Savory
Software Engineer | EdLogics
www.edlogics.com <http://www.edlogics.com/>
<http://www.edlogics.com/>
<https://www.linkedin.com/company/edlogics> <https://twitter.com/EdLogics>
On 12/6/16, 8:05 AM, "keycloak-user-bounces at lists.jboss.org on behalf of Matt H" <keycloak-user-bounces at lists.jboss.org on behalf of tsdgcc2087 at outlook.com> wrote:
When using the Spring Security Adapter, is it possible to set properties for the values and not use the keycloak.json file? Having the credentials.secret value stored in clear text is not an option for me. I already have a way to encrypt values and read them in my application, I just need to decrypt this value and set it. The only alternative I have is to dynamically generate the keycloak.json file at the start of my app, then set the property keycloak.configurationFile with this location.
Also, when reading the Securing Applications and Services guide, it states that the value for realm-public-key is OPTIONAL and should not be set since Keycloak rotates keys. However if the value is set, the adapter will not download the key. This seems like a good idea, but having keycloak generate the json file with this value seems bad. Most clients would just take the file that is generated by the keycloak UI then add it to their application without knowing this.
Matt
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list