-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
FIPS Support #36
Labels
enhancement
New feature or request
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
At this time this is more of a discussion placeholder than an actual intent to implement.
FIPS is not supported at the moment. IF we want to move to supporting FIPS in our identity config we will need to spend some time understanding the different bouncy-castle libraries. This primarily impacts the x509 plugin source code, but will probably affect the other pieces as well.
At the moment we utilize the
bcpg-fips
library, but based on bouncy-castle documentation that also requires at least a library for FIPS algorithms and potentially also using thebc-fips
general FIPS library that isn't specific to OpenPGP.Current bouncy-castle and Keycloak crypto libraries:
Libraries that should be looked into:
Describe the solution you'd like
Testing Gotcha's
keycloak-crypto-defualt
library after thebcpg-fips
library.Links
Official Keycloak FIPS140-2 Docs
Maven Repo description of bcpg-fips
The text was updated successfully, but these errors were encountered: