Keycloak / KEYCLOAK-15015

Add whole certificate chain to the JWKS endpoint for a realm

    Details

    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      Currently the JWKS endpoint for a realm will only return the latest certificate in a certificate chain in the "x5c" property. This limits the possibilities of end-users to validate the signatures of this given certificate. This feature would be useful if you have a certificate chain signed by an EU Trusted Certificate Provider (https://helpx.adobe.com/document-cloud/kb/european-union-trust-lists.html).

      It would be beneficial if it was possible to retrieve the whole certificate chain from this endpoint instead of having to provide the third party all the separate certificates which are part of the certificate signing chain.

      It seems like it would require a code change to the class: OIDCLoginProtocolService "certs" endpoint.


              People

              • Assignee:
                Unassigned
                Reporter:
                fredrikespedal Fredrik Espedal
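
The difference the issue describes, seen from the consuming side, as an added example that is not part of the original issue and is not Keycloak code. It builds an "x5c" array from a PEM bundle following RFC 7517 section 4.7 (standard base64 of each DER certificate, the key's own certificate first) and reports which keys in a JWKS carry only the leaf. The function names, `kid` values and certificate bytes are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def to_pem(der: bytes) -> str:
    """Wrap raw bytes in PEM armour (helper for the constructed samples)."""
    body = base64.b64encode(der).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def pem_bundle_to_x5c(pem_bundle: str) -> list:
    """PEM bundle (leaf first, then issuers) -> "x5c" array.

    Entries are standard base64, not base64url, and keep the bundle order.
    """
    ders = [base64.b64decode("".join(b.split())) for b in PEM_RE.findall(pem_bundle)]
    if not ders:
        raise ValueError("no certificates found in bundle")
    return [base64.b64encode(der).decode("ascii") for der in ders]

def x5t_s256(x5c_entry: str) -> str:
    """SHA-256 thumbprint of one x5c entry, base64url without padding."""
    der = base64.b64decode(x5c_entry, validate=True)
    return base64.urlsafe_b64encode(hashlib.sha256(der).digest()).rstrip(b"=").decode("ascii")

def chain_report(jwks: dict) -> dict:
    """Per kid: how many certificates x5c carries and whether it is leaf-only."""
    report = {}
    for key in jwks.get("keys", []):
        chain = key.get("x5c", [])
        for entry in chain:
            base64.b64decode(entry, validate=True)  # rejects base64url or garbage
        report[key.get("kid")] = {
            "certs": len(chain),
            "leaf_only": len(chain) <= 1,
            "leaf_x5t#S256": x5t_s256(chain[0]) if chain else None,
        }
    return report

# Constructed placeholder bytes standing in for DER certificates (not real certs).
LEAF, INTERMEDIATE, ROOT = b"constructed-leaf", b"constructed-intermediate", b"constructed-root"
JWKS = {"keys": [
    {"kid": "leaf-only", "kty": "RSA", "x5c": pem_bundle_to_x5c(to_pem(LEAF))},
    {"kid": "full-chain", "kty": "RSA",
     "x5c": pem_bundle_to_x5c(to_pem(LEAF) + to_pem(INTERMEDIATE) + to_pem(ROOT))},
]}

if __name__ == "__main__":
    for kid, info in chain_report(JWKS).items():
        print(kid, info)
```

A chain delivered in "x5c" is only input to path validation: the relying party still has to verify it up to a trust anchor it already holds.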