[keycloak-user] Set key at realm creation or replace an existing key

Dmitry Telegin dt at acutus.pro
Wed Aug 8 08:42:58 EDT 2018


Hi,

Sebastian has answered you already, but here's another method that might be helpful for you ore someone else...

Realm keys are stored as "component configs" (o.k.models.jpa.entities.ComponentConfigEntity)
If I'm not mistaken, these are exposed via REST (o.k.services.resources.admin.ComponentResource)
So theoretically you should be able to modify them on a live realm. Didn't try this with kcadm, but feel free to try yourself and report :)

Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

On Wed, 2018-08-08 at 09:47 +0000, triton oidc wrote:
> Hi,
> 
> i'm trying to do an openshift based implementation.
> 
> Two server (Keycloak and a relying party RP)
> They cannot communicate, but the RP is supposed to verify Keycloak's token.
> For that he needs to have the public key of the realm.
> 
> When my pod (Docker instance) restart, i re-create the same realm, with the
> same clientID,
> but of course the realm's key is a newly generated one.
> 
> I saw in an old documentation that it was possible to upload a key
> https://www.keycloak.org/docs/1.9/server_admin_guide/topics/realms/keys.html
> 
> I didn't found the certificate in the json from
> kcadm.sh get realms
> so i don't think it's going to help using a
> kcadm.sh create realm --file [my_json_with_the_certificate_in_it]
> 
> What I would like to do is set the key at the realm creation, or modify it
> just after it's creation.
> 
> If anyone has a clue, or can just confirm me that it's not possible
> 
> Thanks a lot
> 
> Amaury
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user


More information about the keycloak-user mailing list