[keycloak-user] Spring Security Adapter - setting properties vs keycloak.json
Chris Savory
chris.savory at edlogics.com
Tue Dec 6 09:51:28 EST 2016
You just need to supply an input stream to KeycloakDeploymentBuilder.build, which will provide you a KeycloakDeployment object. The source of that input stream can be anything you want.
I’m not aware of any way to generate the JSON file that is supplied by Keycloak. If you look at KeycloakDeploymentBuilder they are just using a simple Jackson ObjectMapper readValue. So, if you wanted to generate the JSON yourself, you could just reverse that and do a writeValue on a AdapterConfig object.
--
Christopher Savory
Software Engineer | EdLogics
From: Matt H <tsdgcc2087 at outlook.com>
Date: Tuesday, December 6, 2016 at 8:31 AM
To: Chris Savory <chris.savory at edlogics.com>, "keycloak-user at lists.jboss.org" <keycloak-user at lists.jboss.org>
Subject: Re: [keycloak-user] Spring Security Adapter - setting properties vs keycloak.json
I saw that, but that looked like a way to specify different json configs depending on paths. Was there a way in there to actually build the json?
________________________________________
From: Chris Savory <chris.savory at edlogics.com>
Sent: Tuesday, December 6, 2016 8:23 AM
To: Matt H; keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Spring Security Adapter - setting properties vs keycloak.json
You could use the KeycloakConfigResolver. It’s meant for multi-tenant scenarios, but you could just configure one (or many) Keycloak realms via that java object.
--
Christopher Savory
Software Engineer | EdLogics
www.edlogics.com <http://www.edlogics.com/>
EdLogics | Taking consumer health education & ...
www.edlogics.com
EdLogics provides consumers with a broad array of consumer friendly education resources using a multimedia gamified approach and pairs it with unique incentives and ...
EdLogics | Taking consumer health education & ...
www.edlogics.com
EdLogics provides consumers with a broad array of consumer friendly education resources using a multimedia gamified approach and pairs it with unique incentives and ...
<http://www.edlogics.com/>
EdLogics | Taking consumer health education & ...
www.edlogics.com
EdLogics provides consumers with a broad array of consumer friendly education resources using a multimedia gamified approach and pairs it with unique incentives and ...
<https://www.linkedin.com/company/edlogics> <https://twitter.com/EdLogics>
EdLogics | LinkedIn
www.linkedin.com
Learn about working at EdLogics. Join LinkedIn today for free. See who you know at EdLogics, leverage your professional network, and get hired.
EdLogics (@EdLogics) | Twitter
twitter.com
The latest Tweets from EdLogics (@EdLogics). Empowering individuals through improved health literacy
On 12/6/16, 8:05 AM, "keycloak-user-bounces at lists.jboss.org on behalf of Matt H" <keycloak-user-bounces at lists.jboss.org on behalf of tsdgcc2087 at outlook.com> wrote:
When using the Spring Security Adapter, is it possible to set properties for the values and not use the keycloak.json file? Having the credentials.secret value stored in clear text is not an option for me. I already have a way to encrypt values and read them in my application, I just need to decrypt this value and set it. The only alternative I have is to dynamically generate the keycloak.json file at the start of my app, then set the property keycloak.configurationFile with this location.
Also, when reading the Securing Applications and Services guide, it states that the value for realm-public-key is OPTIONAL and should not be set since Keycloak rotates keys. However if the value is set, the adapter will not download the key. This seems like a good idea, but having keycloak generate the json file with this value seems bad. Most clients would just take the file that is generated by the keycloak UI then add it to their application without knowing this.
Matt
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list