[keycloak-user] A few questions about OIDC Key Rotation in Keycloak
Yaroslav Skopets
y.skopets at gmail.com
Tue Mar 27 06:02:53 EDT 2018
Hi guys!
I've got a few questions about OIDC Key Rotation in Keycloak:
1) Does Keycloak support fully automatic rotation of OIDC keys?
From a user perspective, I'd like to be able to set a rule à la "rotate
keys every 24 hours".
I see that https://issues.jboss.org/browse/KEYCLOAK-905 had a similar
intent: "Option to enable automatic period rotation of keys (in cluster
make sure only one node does it)"
Was it actually implemented?
2) As a user, I'd like to automate rotation of OIDC keys.
I see that through the Admin REST API I can create/activate/delete keys.
However, does Keycloak allow me as a user to attach custom metadata to
those keys? Such as `time when the key was created`, `time when the key
was made active`, `time when the key was deactivated`, etc.
My goal is to implement a key rotation policy based on those extra
pieces of metadata.
Thanks in advance!
--
Best regards,
Yaroslav Skopets