QUARKUS-2045

Missing quarkus.oidc.tls.key-store-provider and quarkus.oidc.tls.trust-store-provider properties on OIDC extension


      I would like to use OIDC with mTLS over FIPS.

      The certificates that I am thinking of using are BCFIPSJSSE (BouncyCastleJsseProvider), as we do in other modules. The problem that I have is that there is no quarkus.oidc.tls.key-store-provider / quarkus.oidc.tls.trust-store-provider.

      application.properties

      quarkus.http.auth.permission.authenticated.paths=/*
      quarkus.http.auth.permission.authenticated.policy=authenticated
      quarkus.oidc.token.lifespan-grace=5
      quarkus.oidc.token.principal-claim=email
      quarkus.oidc.token.issuer=${quarkus.oidc.auth-server-url}
      quarkus.oidc.tls.verification=certificate-validation
      quarkus.oidc.tls.key-store-file=client-bcfips-keystore.jks
      #quarkus.oidc.tls.key-store-file=client-keystore.jks
      quarkus.oidc.tls.key-store-file-type=BCFKS
      quarkus.oidc.tls.key-store-password=password
      
      quarkus.oidc.tls.trust-store-file=client-bcfips-truststore.jks
      #quarkus.oidc.tls.trust-store-file=client-truststore.jks
      quarkus.oidc.tls.trust-store-file-type=BCFKS
      quarkus.oidc.tls.trust-store-password=password 

      OIDC configuration doc ref: https://quarkus.io/guides/all-config#quarkus-oidc_quarkus-oidc-openid-connect

      The issue that I am trying to avoid is something like:

      Caused by: java.security.KeyStoreException: BCFKS not found 

       

            sbiarozk Sergey Beryozkin
            rhn-support-pagonzal Pablo Gonzalez Granados (Inactive)
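The "BCFKS not found" error in the issue is what the JDK raises when a keystore type is requested without a provider name and no registered JCA provider implements it. The following is an added example, not code from the issue or from Quarkus: it checks which registered providers offer the type and loads the store with the provider pinned. The class and method names are hypothetical; the file name and password are the ones in the properties above.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;

public class KeyStoreProviderCheck {   // hypothetical class name

    /** Names of the registered JCA providers that implement the given keystore type. */
    static String[] providersFor(String type) {
        // Security.getProviders returns null (not an empty array) when nothing matches.
        Provider[] found = Security.getProviders("KeyStore." + type);
        if (found == null) return new String[0];
        String[] names = new String[found.length];
        for (int i = 0; i < found.length; i++) names[i] = found[i].getName();
        return names;
    }

    /** Loads a keystore, pinning the provider when a name is given. */
    static KeyStore load(Path file, String type, String provider, char[] password) throws Exception {
        // Without a provider name the JCA walks the registered providers in order and
        // throws KeyStoreException("<type> not found") when none implements the type.
        KeyStore ks = (provider == null)
                ? KeyStore.getInstance(type)
                : KeyStore.getInstance(type, provider);
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        String type = "BCFKS";   // quarkus.oidc.tls.key-store-file-type in the issue
        String[] names = providersFor(type);
        if (names.length == 0) {
            System.out.println("No registered provider implements KeyStore." + type
                    + "; KeyStore.getInstance(\"" + type + "\") fails with \"" + type + " not found\".");
            return;
        }
        System.out.println("KeyStore." + type + " is available from: " + String.join(", ", names));
        Path file = Path.of(args.length > 0 ? args[0] : "client-bcfips-keystore.jks");
        if (Files.exists(file)) {
            KeyStore ks = load(file, type, names[0], "password".toCharArray());
            System.out.println("Loaded " + ks.size() + " entries via " + ks.getProvider().getName());
        }
    }
}
```

On a JVM without a BCFKS-capable provider on the classpath and registered, the program stops at the first message, which is the condition behind the stack trace in the issue.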