Merge pull request #48 from bcgov/dev
Merge to Master
bradhead authored Jul 15, 2021
2 parents e453066 + 5ba1fbe commit 0559af1
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions Client/README.md
Expand Up @@ -32,9 +32,10 @@ dotnet run
# Keycloak and generating and using Signed JWT for Client Authentication

Keycloak can generate a keystore.jks file containing the private key for the client application.
It can also accept the upload of a JKS or PEM certificate or public Key PEM for validating the signed JWT provided by the client during authentication.
It can also accept the upload of a JKS or PFX certificate or PEM for validating the signed JWT provided by the client during authentication. You can also have Keycloak point to a Url where you keep your public keys, in a JWKS file, and then you are responsible for generating/maintaining your certificates and their corresponding public/private key pairs. This might be attractive for all to minimize configurations needed at Keycloak.

In this example client, the Keycloak administrator provided us with a keystore.jks file. We need to convert this file to a pem file and then to a RSAPublicKey_out using openssl to allow us to sign the JWT.

In this example client, the Keycloak administrator provides us with a keystore.jks file and its password. We need to convert this file to a pfx certificate file to allow us to sign the JWT.

Here are the steps, assuming that the private key is created by the Keycloak administrator for you.

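Review bot: the closing sentence of the replacement paragraph ("This might be attractive for all to minimize configurations needed at Keycloak") is vague about who benefits and what is saved; state plainly that with a JWKS URL the client owns key generation and rotation and Keycloak only needs the URL, and that the URL must be served over HTTPS because Keycloak fetches the verification keys from it. The rewritten intro also now says the administrator hands over keystore.jks "and its password"; since that keystore holds the client's private key, add that the password is a secret to be exchanged out of band and never committed next to the file.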
Expand All @@ -54,7 +55,7 @@ used for OAuth 2.0 authentication against Keycloak. You will use the password yo

- you will want to read up on how to store certificates privately and available to the app configurations.

## Getting the public key from your PFX file - in case you want to check your signing.
## Getting the public key from your PFX file (Optional)

If you want to check the signing of the JWT using your public key, you can create a public key file and then use it to check the signing. In this case, follow these steps.

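Review bot: the retained bullet "you will want to read up on how to store certificates privately and available to the app configurations" is the only guidance on protecting the PFX, which contains the private key used for client authentication, and it defers to unnamed reading; name the mechanism the project expects (a secrets store or an environment-provided path rather than a file checked into the repository) and say explicitly that keystore.pfx and its password must not be committed. The heading change to "(Optional)" reads fine; capitalise "You" at the start of the bullet to match the rest of the file.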
Expand All @@ -71,6 +72,7 @@ openssl pkcs12 -in keystore.pfx -out keystore.pem
openssl rsa -in keystore.pem -RSAPublicKey_out > keystore_public.txt
```

If you paste your base64 encoded Signed Jwt into https://jwt.io, you can then paste in the contents of your public key file to verify that your Jwt is properly signed. This is what Keycloak will do to verify that you signed your Jwt.

# Warning

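Review bot: the added paragraph tells the reader to paste a signed JWT into https://jwt.io, but per the context above that JWT is the credential used for OAuth 2.0 client authentication against Keycloak, so pasting a real one discloses a live credential to a third-party site. Restrict this to a token minted for a test client or one that has already expired, or verify the signature locally with the openssl tooling this section already uses. Also, `openssl rsa -RSAPublicKey_out` emits the PKCS#1 "BEGIN RSA PUBLIC KEY" form; if the verifier only accepts the SPKI "BEGIN PUBLIC KEY" form, use `-pubout` instead. Minor: "Jwt" should be "JWT" to match the section heading.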