Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support FIPS compliant BC #2230

Closed
Tracked by #1140
strehle opened this issue Mar 6, 2023 · 7 comments · Fixed by #2693
Closed
Tracked by #1140

Support FIPS compliant BC #2230

strehle opened this issue Mar 6, 2023 · 7 comments · Fixed by #2693
Labels
accepted Accepted the issue

Comments

@strehle
Copy link
Member

strehle commented Mar 6, 2023
edited
Loading

Support https://www.bouncycastle.org/fips-java/ instead of only https://www.bouncycastle.org/java.html

CF seems to provide FIPS containers, e.g. cloudfoundry/uaa-release#358 but then UAA should support FIPS in runtime
@cf-gitbot
Copy link

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/184630015

The labels on this github issue will be updated when the story is started.

@strehle
Copy link
Member Author

strehle commented Nov 22, 2023

Plan:
SAML2 , signing done via opensaml #2561, wait until update of opensaml , then enable FIPS in BC

OIDC done with deprecated #2229 , move to jose-jwt and then enable FIPS in BC initialization

@jochenehret jochenehret mentioned this issue Dec 5, 2023
Closed
@Tallicia Tallicia changed the title Support FIPS complaint BC Support FIPS compliant BC Dec 6, 2023
@Tallicia
Copy link
Contributor

Tallicia commented Jan 8, 2024

Do we need to to wait for the update of openSAML to enable FIPS in BC? We have had FIPS compliant releases with bionic with the existing SAML and BC libraries.

@strehle
Copy link
Member Author

strehle commented Jan 8, 2024

Do we need to to wait for the update of openSAML to enable FIPS in BC? We have had FIPS compliant releases with bionic with the existing SAML and BC libraries.

not necessarily, but I would like to first merge #2624 and then I can start on working to move towards BC with FIPs.

@Tallicia
Copy link
Contributor

Tallicia commented Jan 25, 2024
edited
Loading

#2624 is merged, so this is likely ready as well @hsinn0 is this on your radar?

@hsinn0
Copy link
Contributor

hsinn0 commented Jan 26, 2024
edited
Loading

so this is likely ready as well @hsinn0 is this on your radar?

@Tallicia, not sure what you mean. Our tribute handles SAP PRs not Issues.

strehle added a commit that referenced this issue Jan 27, 2024
@strehle
Refactor BouncyCastleProvider to BouncyCastleFipsProvider
e71a5e7 
Solves issue #2230
@strehle strehle mentioned this issue Jan 27, 2024
Merged
@strehle strehle linked a pull request Jan 27, 2024 that will close this issue
Refactor BouncyCastleProvider to BouncyCastleFipsProvider #2693
Merged
@strehle
Copy link
Member Author

strehle commented Jan 27, 2024

so this is likely ready as well @hsinn0 is this on your radar?

@Tallicia, not sure what you mean. Our tribute handles SAP PRs not Issues.

finally here the PR #2693

strehle added a commit that referenced this issue Jan 31, 2024
@strehle
Refactor BouncyCastleProvider to BouncyCastleFipsProvider (#2693)
7fb5c56 
Solves issue #2230
@cf-gitbot cf-gitbot added delivered accepted Accepted the issue and removed delivered labels Mar 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
accepted Accepted the issue
Projects
Foundational Infrastructure Working Group
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Refactor BouncyCastleProvider to BouncyCastleFipsProvider cloudfoundry/uaa
4 participants
@cf-gitbot @Tallicia @strehle @hsinn0