[KEYCLOAK-7] Troubleshoot running Keycloak in FIPS mode
Created: 05/Feb/24 Updated: 07/Feb/24 Resolved: 07/Feb/24
| Status: | Closed |
| Project: | folio-keycloak |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Task | Priority: | P1 |
| Reporter: | Craig McNally | Assignee: | Taras Spashchenko |
| Resolution: | Done | Votes: | 0 |
| Labels: | back-end, epam-eureka, eureka-phase4 |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original estimate: | Not Specified |
| Issue links: |
| Sprint: | Eureka Sprint 45 |
| Story Points: | 3 |
| Development Team: | Eureka |
| RCA Group: | TBD |
| Description |
Overview
Work with FSE (Maksym Sinichenkom) to troubleshoot running Keycloak in FIPS mode.

Scope
Collaborate/brainstorm with Eureka and DevOps to get Keycloak stable in FIPS mode.

Notes
Keycloak FIPS 140-2 support: https://www.keycloak.org/server/fips#_keycloak_server_in_fips_mode_in_containers
Work done by Oleksandr Oliinyk to enable FIPS: https://github.com/folio-org/folio-keycloak/pull/3
Conversation in Teams

Acceptance Criteria
| Comments |
| Comment by Maksym Sinichenkom [ 06/Feb/24 ] |
Used same docker image - from folio-keycloak master branch. For regular deployment (evrk) it works fine but for Hardened image used for LoC getting an error during keystore generation:

Exception in thread "main" java.lang.IllegalAccessError: class org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$CoreSecureRandom (in unnamed module @0x1b1f5012) cannot access class sun.security.provider.SecureRandom (in module java.base) because module java.base does not export sun.security.provider to unnamed module @0x1b1f5012