[keycloak-user] Realms using certificate files, not autogenerated keys

Jeremy Simon jeremy at jeremysimon.com
Mon Jan 25 09:03:31 EST 2016


Alright, I get it.  Thinking about it, I guess that isn't so bad.  I
see there's an endpoint where I can grab cert info, so it should be ok.
Thanks!
jeremy
jeremy at jeremysimon.com
www.JeremySimon.com


On Fri, Jan 22, 2016 at 5:42 PM, Bill Burke <bburke at redhat.com> wrote:
> Each realm uses a keypair to sign tokens or SAML documents that it sends to
> the client/app.  This is stored and generated by Keycloak. We don't have an
> option to change that.
>
> For HTTPS, you can configure a truststore on the IDP/server side when the
> REALM is making background HTTPS requests.  This truststore is used to
> verify the cert used by the remote connection to encrypt (one-way SSL).  Is
> this what you mean?
>
> On 1/22/2016 5:30 PM, Jeremy Simon wrote:
>>
>> ok.  You are saying that is limited to HTTPS connections only?  If so,
>> how do I effectively configure "This realm uses this cert or
>> keystore"?
>> jeremy
>> jeremy at jeremysimon.com
>> www.JeremySimon.com
>>
>>
>> On Fri, Jan 22, 2016 at 5:26 PM, Bill Burke <bburke at redhat.com> wrote:
>>>
>>> The adapter is for the client/application side.  For openid connect clients,
>>> there are no keys generated for the client.  The client-keystore is to
>>> set up SSL trust.
>>>
>>> On 1/22/2016 5:17 PM, Jeremy Simon wrote:
>>>>
>>>> Hi,
>>>>
>>>> I'd like my realm(s) to pull from a keystore file instead of the
>>>> autogenerated keys in the UI, but I'm not quite sure how to pull it
>>>> off.
>>>>
>>>> In 8.1 (General Adaptor Config), you can set a client-keystore but it
>>>> doesn't seem like what I'm looking for...nor is it clear if you just
>>>> name it whatever you please or if this goes in keycloak-server.json
>>>> ("Each adapter supported by Keycloak can be configured by a simple
>>>> JSON text file"...  not descriptive enough).  But like I said, this
>>>> doesn't seem like the right place / scenario.
>>>>
>>>> Any direction would be greatly appreciated!
>>>>
>>>> jeremy
>>>> jeremy at jeremysimon.com
>>>> www.JeremySimon.com
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>> --
>>> Bill Burke
>>> JBoss, a division of Red Hat
>>> http://bill.burkecentral.com
>>>
>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
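
The thread settles on letting Keycloak keep the realm keypair and having the application fetch the realm's certificate information to check what the realm signs. The following is an added example, not code from the thread or from Keycloak. It assumes the realm's public key has been obtained as Base64-encoded DER (SubjectPublicKeyInfo) and that tokens are RS256-signed compact JWS; the class name, the throwaway key pair and the token contents are constructed for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class RealmTokenCheck {  // hypothetical class name
    // Rebuild the realm's RSA public key from Base64 DER (SubjectPublicKeyInfo).
    static PublicKey parseRealmKey(String base64Der) throws GeneralSecurityException {
        byte[] der = Base64.getDecoder().decode(base64Der);
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
    }

    // Verify the signature of a compact JWS (header.payload.signature) with the realm key.
    static boolean verifyRs256(String jws, PublicKey realmKey) throws GeneralSecurityException {
        String[] parts = jws.split("\\.");
        if (parts.length != 3) return false;
        try {
            String header = new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
            // Pin the algorithm so the token cannot select "none" or an HMAC variant.
            if (!header.replaceAll("\\s", "").contains("\"alg\":\"RS256\"")) return false;
            Signature sig = Signature.getInstance("SHA256withRSA");
            sig.initVerify(realmKey);
            sig.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
            return sig.verify(Base64.getUrlDecoder().decode(parts[2]));
        } catch (IllegalArgumentException | SignatureException e) {
            return false; // malformed Base64 or malformed signature bytes
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-ins: a throwaway key pair plays the realm key and the
        // token is signed locally; no Keycloak server is contacted.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair realm = gen.generateKeyPair();
        String published = Base64.getEncoder().encodeToString(realm.getPublic().getEncoded());
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        String signingInput = b64.encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8))
                + "." + b64.encodeToString("{\"sub\":\"demo-user\"}".getBytes(StandardCharsets.UTF_8));
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(realm.getPrivate());
        signer.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        String token = signingInput + "." + b64.encodeToString(signer.sign());
        PublicKey key = parseRealmKey(published);
        System.out.println("signed by realm key: " + verifyRs256(token, key));
        // A payload that was changed after signing must be rejected.
        String[] p = token.split("\\.");
        String altered = p[0] + "." + b64.encodeToString("{\"sub\":\"other\"}".getBytes(StandardCharsets.UTF_8)) + "." + p[2];
        System.out.println("altered payload:     " + verifyRs256(altered, key));
    }
}
```

A passing signature check only establishes that the realm key signed the token; expiry, issuer and audience claims still need their own checks.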

