Manage Keycloak truststore using the Container Cloud web UI
Available since 2.26.0 (17.1.0 and 16.1.0)
While communicating with external services, Keycloak must validate the certificate of the remote server to ensure a secure connection.
By default, the standard Java truststore configuration is used to validate outgoing requests. To properly validate self-signed certificates presented by remote servers, a custom truststore configuration must be added. The truststore is used to establish secure connections to identity brokers, LDAP identity providers, and similar services.
If a custom truststore is set, only certificates from that truststore are used. If trusted public CA certificates are also required, they must be included in the custom truststore as well.
To add a custom truststore for Keycloak using the Container Cloud web UI:
1. Log in to the Container Cloud web UI with the m:kaas:namespace@operator or m:kaas:namespace@writer permissions.
2. Switch to the default project using the Switch Project action icon located on top of the main left-side navigation panel.
3. In the Clusters tab, click the More action icon in the last column of the management cluster and select Configure cluster.
4. In the tab that opens, click Keycloak.
5. In the wizard that opens, under the Truststore section, fill out and save the form with the following parameters:

   Data: Content of the truststore file. Click Upload to select the required file.
   Password: Password of the truststore. Mandatory.
   Hostname verification policy: Optional verification of the host name of the server certificate. The default WILDCARD value allows wildcards in subdomain names. The STRICT value requires the Common Name (CN) to match the host name.
   Type: Drop-down list of supported truststore types.
Once a custom truststore for Keycloak is applied, the following configuration is added to the Cluster object:

    spec:
      providerSpec:
        value:
          kaas:
            management:
              keycloak:
                truststore:
                  data:
                    value: # base64 encoded truststore file content
                  password:
                    value: # string
                  type: # string
                  hostnameVerificationPolicy: # string
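The following added example (not part of the Container Cloud documentation or product code) builds the truststore fragment above from a truststore file, checks the mandatory password and the two hostname verification policies named on this page, sanity-checks the file's leading bytes against the requested type, and decodes the applied fragment back for a round-trip check. The lowercase type strings `jks` and `pkcs12` and the magic-byte check are assumptions, not values taken from the Cluster object schema.

```python
import base64
import json

# Hostname verification policies named on this page.
HOSTNAME_POLICIES = {"WILDCARD", "STRICT"}

# Leading bytes used to sanity-check the uploaded file against the chosen type:
# JKS files start with 0xFEEDFEED; PKCS12 is DER, so it starts with a SEQUENCE tag (0x30).
JKS_MAGIC = b"\xfe\xed\xfe\xed"


def detect_store_type(store_bytes: bytes) -> str:
    """Guess the truststore format from its leading bytes (assumed type names)."""
    if store_bytes.startswith(JKS_MAGIC):
        return "jks"
    if store_bytes[:1] == b"\x30":
        return "pkcs12"
    raise ValueError("file does not look like a JKS or PKCS12 truststore")


def build_truststore_spec(store_bytes, password, store_type, policy="WILDCARD"):
    """Return the keycloak.truststore fragment shown on this page."""
    if not password:
        raise ValueError("truststore password is mandatory")
    if policy not in HOSTNAME_POLICIES:
        raise ValueError(f"unknown hostnameVerificationPolicy: {policy}")
    detected = detect_store_type(store_bytes)
    if detected != store_type.lower():
        raise ValueError(f"file looks like {detected}, but type {store_type} was requested")
    return {
        "data": {"value": base64.b64encode(store_bytes).decode("ascii")},
        "password": {"value": password},
        "type": store_type,
        "hostnameVerificationPolicy": policy,
    }


def cluster_patch(truststore):
    """Place the fragment at its location in the Cluster object."""
    keycloak = {"keycloak": {"truststore": truststore}}
    return {"spec": {"providerSpec": {"value": {"kaas": {"management": keycloak}}}}}


def decode_truststore(cluster) -> bytes:
    """Recover the raw truststore bytes from an applied Cluster object."""
    ts = cluster["spec"]["providerSpec"]["value"]["kaas"]["management"]["keycloak"]["truststore"]
    return base64.b64decode(ts["data"]["value"], validate=True)


# Constructed stand-in for a JKS file: the JKS magic plus filler bytes, not a real store.
SAMPLE_JKS = JKS_MAGIC + b"\x00\x00\x00\x02" + b"\x00" * 16

if __name__ == "__main__":
    patch = cluster_patch(build_truststore_spec(SAMPLE_JKS, "changeit", "jks", "STRICT"))
    print(json.dumps(patch, indent=2))
```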