Hi Stian, I doubt if this was fixed, since the issue is very specific to the algorithm. There is a link in the Jira to another page, where there is a github project simulating and testing the issue, probably you can use it to verify: https://bitbucket.org/b_c/jose4j/issues/134/token-created-by-keycloak-can... Regards, Ori. From: Stian Thorgersen <sthorger(a)redhat.com&gt; Sent: Tuesday, October 22, 2019 4:47 PM To: Ori Doolman <Ori.Doolman(a)cyberark.com&gt; Cc: keycloak-user(a)lists.jboss.org Subject: Re: [keycloak-user] Keycloak issue - Wrong ECDSA signature R and S encoding Can you try with 7.0.1? There has been some changes here since 4.8.3. On Tue, 22 Oct 2019 at 11:57, Ori Doolman <Ori.Doolman@cyberark.com<mailto:Ori.Doolman@cyberark.com>> wrote: Hi, There is a Major bug opened since February this year, which prevents us from deploying Keycloak as an IDP, since we are using Java SpringBoot and ECDSA algorithm for signing the tokens: https://issues.jboss.org/browse/KEYCLOAK-9651<https://urldefense.proof... We cannot change the signature algorithm due to other limitations. Is there any plan to resolve that? Can you speed it up? Thank you, Ori. ---------------------------------------------------------------------- _______________________________________________ This e-mail may contain information that is confidential, privileged or otherwise protected from disclosure. If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete it and any attachments and notify the sender that you have received it in error. _______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user<https://urldefe...

Hi Stian, I’ve confirmed that bug is still valid in 7.0.1. I added the reproduction details to the Jira issue. Can you increase priority for it? For us, this is a blocker. Thanks, Ori. From: Stian Thorgersen <sthorger(a)redhat.com&gt; Sent: Wednesday, October 23, 2019 9:13 AM To: Ori Doolman <Ori.Doolman(a)cyberark.com&gt; Cc: keycloak-user <keycloak-user(a)lists.jboss.org&gt; Subject: Re: [keycloak-user] Keycloak issue - Wrong ECDSA signature R and S encoding There has been changes specifically around jwk and ecdsa I believe hence why I'm asking for you to confirm your reported bug on a recent version. It's common practice when reporting a bug to check if it's fixed in the latest release or not. On Tue, 22 Oct 2019, 16:28 Ori Doolman, <Ori.Doolman@cyberark.com<mailto:Ori.Doolman@cyberark.com>> wrote: Hi Stian, I doubt if this was fixed, since the issue is very specific to the algorithm. There is a link in the Jira to another page, where there is a github project simulating and testing the issue, probably you can use it to verify: https://bitbucket.org/b_c/jose4j/issues/134/token-created-by-keycloak-can... Regards, Ori. From: Stian Thorgersen <sthorger@redhat.com<mailto:sthorger@redhat.com>> Sent: Tuesday, October 22, 2019 4:47 PM To: Ori Doolman <Ori.Doolman@cyberark.com<mailto:Ori.Doolman@cyberark.com>> Cc: keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org> Subject: Re: [keycloak-user] Keycloak issue - Wrong ECDSA signature R and S encoding Can you try with 7.0.1? There has been some changes here since 4.8.3. On Tue, 22 Oct 2019 at 11:57, Ori Doolman <Ori.Doolman@cyberark.com<mailto:Ori.Doolman@cyberark.com>> wrote: Hi, There is a Major bug opened since February this year, which prevents us from deploying Keycloak as an IDP, since we are using Java SpringBoot and ECDSA algorithm for signing the tokens: https://issues.jboss.org/browse/KEYCLOAK-9651<https://urldefense.proof... We cannot change the signature algorithm due to other limitations. Is there any plan to resolve that? Can you speed it up? Thank you, Ori. ---------------------------------------------------------------------- _______________________________________________ This e-mail may contain information that is confidential, privileged or otherwise protected from disclosure. If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete it and any attachments and notify the sender that you have received it in error. _______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user<https://urldefe...