Reputation: 925
Is KeyCloak FIPS compliant?
We are going to use KeyCloak in one of our enterprise solutions. I would like to understand if KeyCloak is fully FIPS 140-2 compliant since we have compliance needs. There is very limited amount of information that I could find regarding this online. For example:-
http://lists.jboss.org/pipermail/keycloak-user/2015-October/003177.html
This is a pretty old link, so might not be updated with latest details.
If this is a wrong place to ask this question, kindly suggest the right one, if any. Thanks in advance!
Upvotes: 1
Views: 1497
Answers (1)
Reputation: 26
After researching, It does appear that in the past year there is a FIPS validated cryptographic module that can be used in KeyCloak (called bouncy castle).
One of the issues is that there is no FIPS 140-2 compliant MFA option for Keycloak. It only supports Google authenticator and Free OTP apps).
Upvotes: 1
Related Questions
- Can FIPS compliant solution have non FIPS compliant libraries
- How to check FIPS 140-2 support in OpenSSL?
- Is Nginx open source FIPS compliant?
- What is compliance with FIPS 140-2 in CRYPTOPP?
- Is FIPS compliance REQUIRED for TLS 1.2 communication in Windows?
- keytool versus FIPS when handling PKCS12 keystores
- Is there a version of iTextSharp that is FIPS compliant?
- Is Keyrock's Project the same as Fiware-Service?
- Are FIPS certified algorithms in .net framework backward compatible?
- FIPS Certification for Android & iPhone