Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-6767

FAPI (Financial API) Security Profile Support

    XMLWordPrintable

Details

    • Feature Request
    • Resolution: Done
    • Major
    • 14.0.0
    • None
    • OIDC
    • None
    • NEW
    • NEW

    Description

      We've been trying to use keycloak to protect API services provided by financial institutions. Under govermental reguration (e.g. Payment Service Directive(PSD2) in Europe), high level security is required for financial sector. One of the most promising security standard for financial API services is Financial API(FAPI) of OpenID Foundation. This is still implementer’s draft, but banking API systems compliant to FAPI are being implemented in some countries.

      We've investigated keycloak and found that keycloak does not meet some of FAPI Security Profile requirements.We've been engaging in realizing them in keycloak, but had a lot of works. Is there someone who is interested in it?

      Attachments

        Issue Links

          is related to

          Feature Request - Feature requests from customers and/or users KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Feature Request - Feature requests from customers and/or users KEYCLOAK-6768 Signed and Encrypted ID Token Support

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Feature Request - Feature requests from customers and/or users KEYCLOAK-6769 Multi-factor authentication and its corresponding "acr" value in ID Token

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Feature Request - Feature requests from customers and/or users KEYCLOAK-6770 JWS signatures using ES256 algorithms for signing

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Feature Request - Feature requests from customers and/or users KEYCLOAK-6771 Holder of Key mechanism: OAuth 2.0 Certificate Bound Access Tokens

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Task - A task that needs to be done. KEYCLOAK-11846 OpenID Connect Financial-grade API: Client Initiated Backchannel Authentication Profile

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Enhancement - An enhancement or refactoring of existing functionality KEYCLOAK-5661 OIDC Financial API Read Only Profile : scope MUST be returned in the response from Token Endpoint

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Enhancement - An enhancement or refactoring of existing functionality KEYCLOAK-6700 Financial API Read and Write API Security Profile : State hash value (s_hash) to protect state parameter

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Enhancement - An enhancement or refactoring of existing functionality KEYCLOAK-5811 OIDC Client Authentication by JWS Client Assertion in client_secret_jwt

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Closed
          relates to

          Task - A task that needs to be done. KEYCLOAK-9560 [SPIKE] Evaluate FAPI

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Task - A task that needs to be done. KEYCLOAK-10331 Pass All Conformance Tests for FAPI OpenID testsuite after Keycloak 15

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            Public project attachment banner

              context keys: [headless, issue, helper, isAsynchronousRequest, project, action, user]
              current Project key: KEYCLOAK

              People

                Unassigned Unassigned
                tnorimat Takashi Norimatsu (Inactive)
                Votes:
                10 Vote for this issue
                Watchers:
                20 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: