[keycloak-user] Realms using certificate files, not autogenerated keys

Bill Burke bburke at redhat.com
Fri Jan 22 17:42:44 EST 2016


Each realm uses a keypair to sign tokens or SAML documents that it sends 
to the client/app.  This is stored and generated by Keycloak. We don't 
have an option to change that.

For HTTPS, you can configure a truststore on the IDP/server side when 
the REALM is making background HTTPS requests.  This truststore is used 
to verify the cert used by the remote connection to encrypt (one-way 
SSL).  Is this what you mean?

On 1/22/2016 5:30 PM, Jeremy Simon wrote:
> ok.  You are saying that is limited to HTTPS connection only?  If so,
> how do I effectively configure "This realm uses this cert or
> keystore"?
> jeremy
> jeremy at jeremysimon.com
> www.JeremySimon.com
>
>
> On Fri, Jan 22, 2016 at 5:26 PM, Bill Burke <bburke at redhat.com> wrote:
>> The adapter is for the client/application side.  For OpenID Connect clients,
>> there are no keys generated for the client.  The client-keystore is to
>> set up SSL trust.
>>
>> On 1/22/2016 5:17 PM, Jeremy Simon wrote:
>>> Hi,
>>>
>>> I'd like my realm(s) to pull from a keystore file instead of the
>>> autogenerated keys in the UI, but I'm not quite sure how to pull it
>>> off.
>>>
>>> In 8.1 (General Adaptor Config), you can set a client-keystore but it
>>> doesn't seem like what I'm looking for...nor is it clear if you just
>>> name it whatever you please or if this goes in keycloak-server.json
>>> ("Each adapter supported by Keycloak can be configured by a simple
>>> JSON text file"...  not descriptive enough).  But like I said, this
>>> doesn't seem like the right place / scenario.
>>>
>>> Any direction would be greatly appreciated!
>>>
>>> jeremy
>>> jeremy at jeremysimon.com
>>> www.JeremySimon.com
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


