[keycloak-user] import SAML keys via command line

John Dennis jdennis at redhat.com
Tue Sep 19 13:04:47 EDT 2017


On 09/19/2017 11:24 AM, John Dennis wrote:
> On 09/19/2017 06:43 AM, Pieter Lukasse wrote:
>> Hi,
>>
>> I have a .jks file which I would like to import into keycloak using the
>> command line instead of the "SAML keys" page (in SAML client config page).
>>
>> I cannot find any command for this here
>> http://www.keycloak.org/docs/3.3/server_admin/topics/admin-cli.html
>>
>> Is this just missing or is the documentation incomplete? Can someone help
>> me on this one?
> 
> You can import using the Java keytool utility, but the import format
> MUST be PKCS12.
> 
> Note: replace xxx, key.pem & cert.pem with appropriate values, hopefully
> it should be obvious which xxx matches in each command.
> 
> First create a .p12 PKCS12 file:
> 
> % openssl pkcs12 -export -name xxx -passout pass:xxx -in cert.pem -inkey key.pem -out xxx.p12
> 
> Then import the .p12 PKCS12 file into the keystore:
> 
> % keytool -importkeystore -srckeystore xxx.p12 -srcstoretype PKCS12 -srcstorepass xxx -destkeystore keycloak.jks -deststorepass xxx -alias xxx

I may have misread your original question; I thought you were asking how 
to import a key. But if all you want to do is import the contents of 
another Java keystore then just use -importkeystore -srckeystore JKS. 
The keytool man page has keystore import examples, including importing 
either an entire keystore or just a specific key from the keystore. 
See the man page for details.


-- 
John
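
An added example, not part of the message above or of Keycloak: a shell sketch of the single-key import from another JKS that the reply describes, with a pre-check against overwriting an existing alias and a post-check that the certificate matches on both sides. Assumptions: the function names and the SRC_PASS / DEST_PASS variable names are hypothetical, and each key password equals its keystore password.

```shell
#!/bin/sh
# Added example, not from the thread. SRC_PASS / DEST_PASS are assumed
# variable names; export them first. keytool's ":env" modifier reads each
# password from the environment, keeping it out of argv and `ps` output.

# cert_pem KEYSTORE PASS_ENV_NAME ALIAS -> PEM certificate on stdout
cert_pem() {
    keytool -exportcert -rfc -keystore "$1" -storepass:env "$2" -alias "$3"
}

# import_alias SRC_JKS DEST_KEYSTORE ALIAS
# Returns 0 = imported and verified, 1 = keytool failure or mismatch,
#         2 = bad input, 3 = alias already present in destination.
import_alias() {
    src=$1; dest=$2; name=$3
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    if [ -z "${SRC_PASS:-}" ] || [ -z "${DEST_PASS:-}" ]; then
        echo "export SRC_PASS and DEST_PASS first" >&2; return 2
    fi
    # With -noprompt keytool silently overwrites an existing destination
    # entry, so refuse up front rather than replace a live signing key.
    if [ -f "$dest" ] && keytool -list -keystore "$dest" \
            -storepass:env DEST_PASS -alias "$name" >/dev/null 2>&1; then
        echo "alias '$name' already exists in $dest" >&2; return 3
    fi
    # -deststoretype JKS is an assumption matching the thread's keycloak.jks.
    keytool -importkeystore -noprompt \
        -srckeystore "$src" -srcstoretype JKS -srcstorepass:env SRC_PASS \
        -srcalias "$name" \
        -destkeystore "$dest" -deststoretype JKS \
        -deststorepass:env DEST_PASS -destalias "$name" >/dev/null || return 1
    # Confirm the certificate under the alias is identical on both sides.
    a=$(cert_pem "$src" SRC_PASS "$name") || return 1
    b=$(cert_pem "$dest" DEST_PASS "$name") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}
```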

