[keycloak-user] import SAML keys via command line
John Dennis
jdennis at redhat.com
Tue Sep 19 13:04:47 EDT 2017
On 09/19/2017 11:24 AM, John Dennis wrote:
> On 09/19/2017 06:43 AM, Pieter Lukasse wrote:
>> Hi,
>>
>> I have a .jks file which I would like to import into keycloak using the
>> command line instead of the "SAML keys" page (in SAML client config page).
>>
>> I cannot find any command for this here http://www.keycloak.org/
>> docs/3.3/server_admin/topics/admin-cli.html
>>
>> Is this just missing or is the documentation incomplete? Can someone help
>> me on this one?
>
> You can import using the Java keytool utility, but the import format
> MUST be PKCS12.
>
> Note: replace xxx, key.pem & cert.pem with appropriate values, hopefully
> it should be obvious which xxx matches in each command.
>
> First create a .p12 PKCS12 file:
>
> % openssl pkcs12 -export -name xxx -passout pass:xxx -in cert.pem -inkey
> key.pem -out xxx.p12
>
> Then import the .p12 PKCS12 file into the keystore:
>
> % keytool -importkeystore -srckeystore xxx.p12 -srcstoretype PKCS12
> -srcstorepass xxx -destkeystore keycloak.jks -deststorepass xxx -alias xxx
I may have misread your original question, I thought you were asking how
to import a key. But if all you want to do is import the contents of
another JAVA keystore then just use -importkeystore -srckeystore JKS.
The keytool man page has keystore import examples, including both
importing an entire keystore or juast a specific key from the keystore.
See the man page for details.
--
John
More information about the keycloak-user
mailing list