[keycloak-user] Keycloak issue - Wrong ECDSA signature R and S encoding

Stian Thorgersen sthorger at redhat.com
Wed Oct 23 02:13:24 EDT 2019


There have been changes specifically around JWK and ECDSA, I believe, hence
why I'm asking you to confirm your reported bug on a recent version.
It's common practice when reporting a bug to check if it's fixed in the
latest release or not.

On Tue, 22 Oct 2019, 16:28 Ori Doolman, <Ori.Doolman at cyberark.com> wrote:

> Hi Stian,
>
> I doubt if this was fixed, since the issue is very specific to the
> algorithm. There is a link in the Jira to another page, where there is a
> GitHub project simulating and testing the issue, probably you can use it to
> verify:
>
> https://bitbucket.org/b_c/jose4j/issues/134/token-created-by-keycloak-cannot-be
>
> Regards,
>
> Ori.
>
> *From:* Stian Thorgersen <sthorger at redhat.com>
> *Sent:* Tuesday, October 22, 2019 4:47 PM
> *To:* Ori Doolman <Ori.Doolman at cyberark.com>
> *Cc:* keycloak-user at lists.jboss.org
> *Subject:* Re: [keycloak-user] Keycloak issue - Wrong ECDSA signature R
> and S encoding
>
>
>
> Can you try with 7.0.1? There have been some changes here since 4.8.3.
>
>
>
> On Tue, 22 Oct 2019 at 11:57, Ori Doolman <Ori.Doolman at cyberark.com>
> wrote:
>
> Hi,
> There is a major bug open since February this year, which prevents us
> from deploying Keycloak as an IDP, since we are using Java SpringBoot and
> ECDSA algorithm for signing the tokens:
>
> https://issues.jboss.org/browse/KEYCLOAK-9651
>
> We cannot change the signature algorithm due to other limitations.
>
> Is there any plan to resolve that?
> Can you speed it up?
>
> Thank you,
> Ori.

