
KEYCLOAK-19747 - Support for different key uses by authentication protocol #8684

Closed
laskasn wants to merge 2 commits into keycloak:main from eosc-kc:110-keyuses-2ndPR

@laskasn
Contributor

laskasn commented Nov 2, 2021

A description of this pull request is available here.
The relevant ticket is this one.

@mposolda
Contributor

mposolda commented Aug 7, 2023

@laskasn CC @cgeorgilakis There are some changes in the latest Keycloak related to keys, key use, etc. Just to confirm, could you please double-check whether the latest Keycloak 22.0.1 doesn't already address your use case?

@cgeorgilakis
Contributor

> @laskasn CC @cgeorgilakis There are some changes in latest Keycloak related to keys and key use etc. Just to confirm, could you please doublecheck if latest Keycloak 22.0.1 doesn't already address your use-case?

@mposolda what we want is not supported yet in Keycloak.
We want to support different keys per protocol (OIDC, SAML). SAML and OIDC certificates typically have different rotation requirements, i.e. in SAML every 10 years while in OIDC every 6 months. For details see the related Jira ticket and the related GitHub discussion.

If you want to proceed with this PR, we need to rebase it and move the UI changes from the old admin console to the new admin console.

@stianst
Contributor

stianst commented Mar 15, 2024

With the complexity/size of this PR and fairly low priority this is not going to get reviewed/merged, so I'm going to close this at least for now.

I don't think it is needed to be able to use the same keys for enc and sig, and also don't think it really is needed to be able to support different keys per protocol.
