Tutorial: Keycloak 16 and SSL Configuration

As an addition to our Setting Up A Keycloak Server For Authenticating To FileMaker series, we’ve documented the new approach to configuring the SSL certificate in Keycloak 16. Hopefully this is useful to more than just FileMaker folks:

It is also available on our website at soundsessential.com.

2 Likes

Thank you for the informative article. It seems to be based on the assumption that the keystore contains a single entry. Sites with multiple entries in their keystore should use the ‘alias-filter’ attribute as shown below:

        <tls>
            <key-stores>
                <key-store name="applicationKS">
                    <credential-reference clear-text="PASSWORD"/>
                    <implementation type="JKS"/>
                    <file path="keycloak.jks" relative-to="jboss.server.config.dir"/>
                </key-store>
            </key-stores>
            <key-managers>
                <key-manager name="applicationKM" key-store="applicationKS" alias-filter="ALIAS">
                    <credential-reference clear-text="PASSWORD"/>
                </key-manager>
            </key-managers>
            <server-ssl-contexts>
                <server-ssl-context name="applicationSSC" key-manager="applicationKM"/>
            </server-ssl-contexts>
        </tls>

Where ‘ALIAS’ matches the output of keytool -list -keystore keycloak.jks and ‘PASSWORD’ matches the password of the keystore.

This attribute is described here: Chapter 1. Securing the Server and Its Interfaces Red Hat JBoss Enterprise Application Platform 7.2 | Red Hat Customer Portal
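An added example, not part of the original posts or the linked article: a Python check that compares each `alias-filter` in a `<tls>` fragment against the private-key aliases reported by `keytool -list`. The keytool listing, the `unfilteredKM` and `typoKM` key-manager names, and all function names are constructed for illustration. It assumes a single keystore backs every key-manager and evaluates only the comma-separated filter form.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of `keytool -list -keystore keycloak.jks` output.
KEYTOOL_LIST = """\
Your keystore contains 3 entries

keycloak, Jan 5, 2022, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 00:11:22
legacy, Mar 9, 2020, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 33:44:55
rootca, Jan 5, 2022, trustedCertEntry,
Certificate fingerprint (SHA-256): 66:77:88
"""

# Constructed fragment: key-managers trimmed from the config above, names invented.
TLS_FRAGMENT = """\
<tls><key-managers>
  <key-manager name="applicationKM" key-store="applicationKS" alias-filter="keycloak"/>
  <key-manager name="unfilteredKM" key-store="applicationKS"/>
  <key-manager name="typoKM" key-store="applicationKS" alias-filter="keycloack"/>
</key-managers></tls>
"""

ENTRY = re.compile(r"^(?P<alias>.+?), .+, (?P<kind>PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),\s*$")

def private_key_aliases(listing):
    """Aliases of the PrivateKeyEntry rows in keytool -list output."""
    rows = (ENTRY.match(line) for line in listing.splitlines())
    return [m.group("alias") for m in rows if m and m.group("kind") == "PrivateKeyEntry"]

def verdict(alias_filter, keys):
    """Judge one alias-filter value against the private-key aliases in the keystore."""
    if alias_filter is None:
        return "ok" if len(keys) == 1 else f"{len(keys)} private keys, alias-filter not set"
    if alias_filter.startswith(("ALL:", "NONE:")):
        return "not evaluated"  # only the comma-separated form is checked here
    missing = [a.strip() for a in alias_filter.split(",") if a.strip() not in keys]
    return "no such private key: " + ", ".join(missing) if missing else "ok"

def check_key_managers(tls_xml, listing):
    """Map each <key-manager> name to a verdict; assumes one keystore backs them all."""
    keys = private_key_aliases(listing)
    return {el.get("name"): verdict(el.get("alias-filter"), keys)
            for el in ET.fromstring(tls_xml).iter()
            if el.tag.rsplit("}", 1)[-1] == "key-manager"}  # ignore XML namespace

if __name__ == "__main__":
    for name, result in check_key_managers(TLS_FRAGMENT, KEYTOOL_LIST).items():
        print(f"{name}: {result}")
```

A filter naming a `trustedCertEntry` alias such as `rootca` is reported as missing, because a key manager needs an entry that carries a private key.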