  1. Red Hat build of Keycloak
  2. RHBK-2855

Clarify FIPS verification instructions

    • Task
    • Resolution: Done
    • Minor

      [Issue Summary]:

      In the FIPS strict mode section of the Server Guide - https://docs.redhat.com/en/documentation/red_hat_build_of_keycloak/24.0/html-single/server_guide/index#fips-strict-mode , it shows a log entry that should be present if FIPS mode is enabled, but it always seemed to require TRACE to be enabled as well. This used to be present in previous versions, but is no longer present in 24.0.8.

      [Support Engineer Analysis]:
      The documentation for FIPS, as described above, mentions that:

      “When starting the server, you can check that the startup log contains KC provider with the note about Approved Mode such as the following:”

      However, this requires TRACE logging.

      Note that it seems this has always required TRACE logging [line 30/40]:

      https://github.com/keycloak/keycloak/blame/release/26.0/common/src/main/java/org/keycloak/common/crypto/CryptoIntegration.java

      [To Engineering]:

      Is it intended to require TRACE logging? If so, we can add a caveat to the documentation that the specified log entry requires TRACE logging.

              amunro@redhat.com Andrew Munro