[keycloak-user] Key Rotation for SAML client
Hynek Mlnarik
hmlnarik at redhat.com
Thu Jun 1 02:16:30 EDT 2017
If the clients are using Keycloak adapters, see [1]. Other clients can
use standard SAML descriptor available at
server-root/auth/realms/{realm}/protocol/saml/descriptor, see [2].
[1] https://keycloak.gitbooks.io/documentation/securing_apps/topics/saml/java/general-config/idp_keys_subelement.html
[2] https://keycloak.gitbooks.io/documentation/server_admin/topics/clients/saml/entity-descriptors.html
On Tue, May 30, 2017 at 9:55 PM, Muein Muzamil
<shmuein+keycloak-dev at gmail.com> wrote:
> Hi all,
>
> We have a business use case, where we'll have a realm with 50+ SAML clients
> configured and we want to update the SAML key for the realm (either for
> security reason or the certificate got expired),
>
> I was reading following section but it seems mostly focused on OIDC.Can
> someone please share how does KeyCloak handle this for SAML? Important
> thing to realize is, we cannot imagine our customer to update realm
> certificate in all 50+ service providers at the same time.
> https://keycloak.gitbooks.io/documentation/server_admin/topics/realms/keys.html
>
> Regards,
> Muein
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
--
--Hynek
More information about the keycloak-user
mailing list