[keycloak-user] Realm Certificate from commercial Vendors

Raghuram Prabhala prabhalar at yahoo.com
Mon Feb 1 07:37:10 EST 2016 

Thanks Bill and Stian. Will look at the admin endpoints to handle the upload of certificates. Really surprised that this feature wasn't requested yet - created a jira kc2422
      From: Bill Burke <bburke at redhat.com>
 To: keycloak-user at lists.jboss.org 
 Sent: Wednesday, January 27, 2016 9:17 AM
 Subject: Re: [keycloak-user] Realm Certificate from commercial Vendors
   
 You can upload client certs for saml clients, but I think we have a attribute size problem for large cert chains.
 
 On 1/27/2016 5:17 AM, Stian Thorgersen wrote:
  
 We don't support uploading the realm keys through the admin console at the moment. However, you should be able to use the admin endpoints to manually set it. Should be relatively easy to add though, so you can create a JIRA to request it, but you're actually the first to request it.
 
  With regards to clients we don't have an elegant way to deal with this. What we have is if the public key is not specified in the client config it will download it from Keycloak at startup, so if you restart your clients after creating new keys it should work. Ideally Keycloak should send a message to the clients to notify them that the keys have changed so they can re-fetch from Keycloak, but that hasn't been implemented yet. Again, feel free to request that.  
 On 25 January 2016 at 11:50, Raghuram Prabhala <prabhalar at yahoo.com> wrote:
 
   Dev team - any comments on the commercial certificates instead of the ones created by Keycloak? 
  Raghu 
             From: Raghuram Prabhala <prabhalar at yahoo.com>
 To: Keycloak-user <keycloak-user at lists.jboss.org> 
 Sent: Thursday, January 21, 2016 2:23 PM
 Subject: Realm Certificate from commercial Vendors
    
    
  I have a question about the Certificate/private key which is generated today by Keycloak. But  rather than use that certificate ,is there any way we can use a commercial Certificate from Vendors like Verisign? When that certificate expires, how do we generate/upload a new certificate (lifecycle) and handle the switch over to a new certificate with minimal impact to any of the  client who will have to download the new certificate and use it when KC starts using the new one? 
  
     
 
       
 _______________________________________________
 keycloak-user mailing list
 keycloak-user at lists.jboss.org
 https://lists.jboss.org/mailman/listinfo/keycloak-user
 
  
  
  
 _______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user 
 
 -- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com 
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user

   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160201/a2f641ac/attachment.html

More information about the keycloak-user mailing list