Marek Posolda
@trixpan @pedroigor This is a good point that most places required to use FIPS will also be required to have policies enforcing good passwords. On the other hand, the FedRAMP recommendation...
@stianst I am also not able to find anything concrete around password policies in FIPS 140-2. I asked in various places (keycloak-fips ML etc.), but do not have any clear answer. Fact...
@stianst I've updated the PR as we discussed and as specified in the last comment. Can you please re-review? I've used a separate commit for the updates, so it is easily possible...
@stianst Thanks for the review. I've updated the PR to: - Adding a separate static class with a util method for padding. This is consumed by Pbkdf2PasswordHashProvider. Also added a unit test for that...
Set to Keycloak 21 for now, but it can be postponed further. If there is someone interested in contributing the fix, it will be welcome.
@pedro-hos Thanks Pedro! Yes, it will be good if you can change your implementation to use Base64Url encoding of the cookie itself. In your current PR, there are test failures,...
@pedro-hos I did some digging and ended up creating an alternative PR for this - https://github.com/keycloak/keycloak/pull/14560 . It uses URL Encoding instead of Base64Url just for the backwards compatibility (although Base64Url...
I see we can possibly address this by having some way to manually invalidate resources - for example directly from the admin console - and have a manual way to re-generate the resources tag....
@pedro-hos Sent the PR with an alternative solution for this https://github.com/keycloak/keycloak/pull/14560
@pedro-hos Closing as this was addressed by https://github.com/keycloak/keycloak/pull/14560 . But thanks for the initial PR and taking the initiative to start this work.