[keycloak-user] Keycloak issue - Wrong ECDSA signature R and S encoding

Ori Doolman Ori.Doolman at cyberark.com
Tue Oct 22 10:28:09 EDT 2019


Hi Stian,
I doubt if this was fixed, since the issue is very specific to the algorithm. There is a link in the Jira to another page, where there is a github project simulating and testing the issue, probably you can use it to verify:
https://bitbucket.org/b_c/jose4j/issues/134/token-created-by-keycloak-cannot-be

Regards,
Ori.


From: Stian Thorgersen <sthorger at redhat.com>
Sent: Tuesday, October 22, 2019 4:47 PM
To: Ori Doolman <Ori.Doolman at cyberark.com>
Cc: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Keycloak issue - Wrong ECDSA signature R and S encoding

Can you try with 7.0.1? There has been some changes here since 4.8.3.

On Tue, 22 Oct 2019 at 11:57, Ori Doolman <Ori.Doolman at cyberark.com<mailto:Ori.Doolman at cyberark.com>> wrote:
Hi,
There is a Major bug opened since February this year, which prevents us from deploying Keycloak as an IDP, since we are using Java SpringBoot and ECDSA algorithm for signing the tokens:

https://issues.jboss.org/browse/KEYCLOAK-9651<https://urldefense.proofpoint.com/v2/url?u=https-3A__issues.jboss.org_browse_KEYCLOAK-2D9651&d=DwMFaQ&c=E55fojPA83XrPGfndbiaQQ&r=o_QF9VVN9H4LTRTYF8YMPkr6mGZ6BOo1SvoOkvu0tBw&m=n6NO5Clze7ZchQbaP_6PQCUL6kL22YXpxa_KBwxYQf8&s=_O5q5y4n9niS8_Jr2HOCGLszT8ocilxzZGxdS5P9YAY&e=>

We cannot change the signature algorithm due to other limitations.

Is there any plan to resolve that?
Can you speed it up?

Thank you,
Ori.


----------------------------------------------------------------------
_______________________________________________
This e-mail may contain information that is confidential, privileged or otherwise protected from disclosure.
If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete it and any attachments and notify the sender that you have received it in error.
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user<https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_mailman_listinfo_keycloak-2Duser&d=DwMFaQ&c=E55fojPA83XrPGfndbiaQQ&r=o_QF9VVN9H4LTRTYF8YMPkr6mGZ6BOo1SvoOkvu0tBw&m=n6NO5Clze7ZchQbaP_6PQCUL6kL22YXpxa_KBwxYQf8&s=x9wrWgWK_2_UOgIdekONQdxy_f4eXoUb7ThQoHZ0ISQ&e=>


More information about the keycloak-user mailing list