External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-10 15:32:05 -03:30
Code Issues Packages Projects Releases Wiki Activity

Clarify FIPS instructions

Browse Source 
Closes #40533

Signed-off-by: AndyMunro <amunro@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
This commit is contained in:
andymunro 2025-06-17 03:54:46 -04:00 committed by GitHub
parent c99815ba0e
commit 75cc28a9d1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/guides/server/fips.adoc
View File

@ -118,7 +118,14 @@ Using that option results in stricter security requirements on cryptography and
NOTE: In strict mode, the default keystore type (as well as default truststore type) is BCFKS. If you want to use a different keystore type
it is required to use the option `--https-key-store-type` with appropriate type. A similar command might be needed for the truststore as well if you want to use it.
When starting the server, you can check that the startup log contains `KC` provider with the note about `Approved Mode` such as the following:
When starting the server, you can include TRACE level in the startup command. For example:
[source,bash,subs=+attributes]
----
--log-level=INFO,org.keycloak.common.crypto.CryptoIntegration:TRACE
----
By using TRACE level, you can check that the startup log contains `KC` provider with the note about `Approved Mode` such as the following:
[source]
----