mirror of
https://github.com/keycloak/keycloak.git
synced 2025-12-16 12:05:49 -06:00
* Add FIPS test suite to the new tests
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
* Tweaks to FIPS suite in new test
Signed-off-by: stianst <stianst@gmail.com>
---------
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
Signed-off-by: stianst <stianst@gmail.com>
Co-authored-by: stianst <stianst@gmail.com>
1.4 KiB
FIPS 140-2 testing
Integration tests
On a FIPS-enabled platform with a FIPS-enabled OpenJDK 21, run the following to test against a Keycloak server with FIPS 140-2 integration enabled.
./mvnw clean package -nsu -B -f tests/base/pom.xml \
-Dcom.redhat.fips=false \
-Dtest=FipsStrictTestSuite,FipsNonStrictTestSuite
FIPS test suite configuration (strict and non-strict): FipsStrictTestSuite, FipsNonStrictTestSuite
NOTE 1: The property com.redhat.fips is required to disable FIPS in the JVM when the test suite is executed in a FIPS-enabled environment (operating system or container).
NOTE 3: Example of the server startup log when running in an environment where FIPS is enabled in both the JVM and the operating system/container:
2022-10-11 19:34:29,521 DEBUG [org.keycloak.common.crypto.CryptoIntegration] (main) Using the crypto provider: org.keycloak.crypto.fips.FIPS1402Provider
2022-10-11 19:34:31,072 TRACE [org.keycloak.common.crypto.CryptoIntegration] (main) Java security providers: [
KC(BCFIPS version 1.000203, FIPS-JVM: enabled) version 1.0 - class org.keycloak.crypto.fips.KeycloakFipsSecurityProvider,
BCFIPS version 1.000203 - class org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider,
BCJSSE version 1.001202 - class org.bouncycastle.jsse.provider.BouncyCastleJsseProvider,
]
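To check a captured startup log for the lines shown above, the following shell function extracts the selected crypto provider, the FIPS-JVM flag and the registered BCFIPS version. It is an added example, not part of the Keycloak repository; the function names `fips_log_summary` and `write_sample_log` are hypothetical, and the sample input is the log excerpt from this page.

```shell
#!/bin/sh
# Added example, not Keycloak project code. Function names are hypothetical.

# Summarise the FIPS-relevant lines of a Keycloak startup log.
# Prints: provider=<class> fips_jvm=<value> bcfips=<version>
# Returns 0 only if the FIPS crypto provider was selected and the
# BouncyCastle FIPS provider is registered.
fips_log_summary() {
    log=$1
    provider=$(sed -n 's/.*Using the crypto provider: \([A-Za-z0-9_.]*\).*/\1/p' "$log" | tail -n 1)
    fips_jvm=$(sed -n 's/.*KC(.*FIPS-JVM: \([a-z]*\)).*/\1/p' "$log" | tail -n 1)
    bcfips=$(sed -n 's/^[[:space:]]*BCFIPS version \([0-9.]*\) - class org\.bouncycastle\.jcajce\.provider\.BouncyCastleFipsProvider.*/\1/p' "$log" | tail -n 1)
    printf 'provider=%s fips_jvm=%s bcfips=%s\n' \
        "${provider:-none}" "${fips_jvm:-unknown}" "${bcfips:-missing}"
    [ "$provider" = "org.keycloak.crypto.fips.FIPS1402Provider" ] && [ -n "$bcfips" ]
}

# Write the startup log excerpt from this page to the given file.
write_sample_log() {
    cat > "$1" <<'EOF'
2022-10-11 19:34:29,521 DEBUG [org.keycloak.common.crypto.CryptoIntegration] (main) Using the crypto provider: org.keycloak.crypto.fips.FIPS1402Provider
2022-10-11 19:34:31,072 TRACE [org.keycloak.common.crypto.CryptoIntegration] (main) Java security providers: [
KC(BCFIPS version 1.000203, FIPS-JVM: enabled) version 1.0 - class org.keycloak.crypto.fips.KeycloakFipsSecurityProvider,
BCFIPS version 1.000203 - class org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider,
BCJSSE version 1.001202 - class org.bouncycastle.jsse.provider.BouncyCastleJsseProvider,
]
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
fips_log_summary "$sample" || echo "FIPS crypto provider not active" >&2
rm -f "$sample"
```

The provider lines only appear when DEBUG and TRACE logging are enabled for org.keycloak.common.crypto.CryptoIntegration, as in the excerpt.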