├── .gitattributes ├── .github └── workflows │ └── run-conformance-tests.yml ├── .gitignore ├── FAPI-SIG ├── documents │ ├── ClientPolicies │ │ ├── ClientPoliciesPracticalGuide.pdf │ │ └── ClientPoliciesRevised.pdf │ ├── EdDSA │ │ └── EdDSATokenSignVerifyKeyManagementDesign.pdf │ ├── FAPI-BR │ │ └── README.md │ ├── FAPI-CIBA │ │ ├── CIBA_ImplPracticalGuide.pdf │ │ ├── CIBA_PrototypeImplPracticalGuide.pdf │ │ └── FAPI-CIBA_ContributionGuide.pdf │ └── OIDC-Client-Keys │ │ └── FAPI-SIG-Annex_OIDC_Client_Keys.pdf ├── meetings │ ├── 10th │ │ ├── 10th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_10th_MTG_agenda.pdf │ ├── 11th │ │ ├── 11th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_11th_MTG_agenda.pdf │ ├── 12th │ │ ├── 12th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_12th_MTG_agenda.pdf │ ├── 13th │ │ ├── 13th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_13th_MTG_agenda.pdf │ ├── 14th │ │ ├── 14th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_14th_MTG_agenda.pdf │ ├── 15th │ │ ├── 15th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_15th_MTG_agenda.pdf │ ├── 16th │ │ ├── 16th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_16th_MTG_agenda.pdf │ ├── 17th │ │ ├── 17th_MTG_Minute │ │ └── presentations │ │ │ └── FAPI-SIG_17th_MTG_agenda.pdf │ ├── 18th │ │ ├── 18th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_18th_MTG_agenda.pdf │ ├── 19th │ │ ├── 19th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_19th_MTG_agenda.pdf │ ├── 1st │ │ ├── 1st_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_1st_MTG_agenda.pdf │ ├── 20th │ │ ├── 20th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_20th_MTG_agenda.pdf │ ├── 21st │ │ ├── 21st_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_21st_MTG_agenda.pdf │ ├── 22nd │ │ ├── 22nd_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_22nd_MTG_agenda.pdf │ ├── 23rd │ │ ├── 23rd_MTG_Minute.txt │ │ └── presentations │ │ │ └── 
FAPI-SIG_23rd_MTG_agenda.pdf │ ├── 24th │ │ ├── 24th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_24th_MTG_agenda.pdf │ ├── 25th │ │ ├── 25th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_25th_MTG_agenda.pdf │ ├── 26th │ │ ├── 26th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_26th_MTG_agenda.pdf │ ├── 27th │ │ ├── 27th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_27th_MTG_agenda.pdf │ ├── 28th │ │ ├── 28th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_28th_MTG_agenda.pdf │ ├── 29th │ │ ├── 29th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_29th_MTG_agenda.pdf │ ├── 2nd │ │ ├── 2nd_MTG_Minute.txt │ │ └── presentations │ │ │ ├── FAPI-SIG_2nd_MTG_agenda.pdf │ │ │ └── FAPI_Support_Milestone.pdf │ ├── 30th │ │ ├── 30th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_30th_MTG_agenda.pdf │ ├── 31st │ │ ├── 31st_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_31sth_MTG_agenda.pdf │ ├── 32nd │ │ ├── 32nd_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_32nd_MTG_agenda.pdf │ ├── 33rd │ │ ├── 33rd_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_33rd_MTG_agenda.pdf │ ├── 34th │ │ ├── 34th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_34th_MTG_agenda.pdf │ ├── 35th │ │ ├── 35th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_35th_MTG_agenda.pdf │ ├── 36th │ │ ├── 36th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_36th_MTG_agenda.pdf │ ├── 37th │ │ ├── 37th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_37th_MTG_agenda.pdf │ ├── 38th │ │ ├── 38th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_38th_MTG_agenda.pdf │ ├── 39th │ │ ├── 39th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_39th_MTG_agenda.pdf │ ├── 3rd │ │ ├── 3rd_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_3rd_MTG_agenda.pdf │ ├── 40th │ │ ├── 40th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_40th_MTG_agenda.pdf │ ├── 41st │ │ ├── 41st_MTG_Minute.txt 
│ │ └── presentations │ │ │ └── FAPI-SIG_41st_MTG_agenda.pdf │ ├── 42nd │ │ ├── 42nd_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_42nd_MTG_agenda.pdf │ ├── 43rd │ │ ├── 43rd_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_43rd_MTG_agenda.pdf │ ├── 44th │ │ ├── 44th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_44th_MTG_agenda.pdf │ ├── 45th │ │ ├── 45th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_45th_MTG_agenda.pdf │ ├── 4th │ │ ├── 4th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_4th_MTG_agenda.pdf │ ├── 5th │ │ ├── 5th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_5th_MTG_agenda .pdf │ ├── 6th │ │ ├── 6th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_6th_MTG_agenda .pdf │ ├── 7th │ │ ├── 7th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_7th_MTG_agenda.pdf │ ├── 8th │ │ ├── 8th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_8th_MTG_agenda.pdf │ ├── 9th │ │ ├── 9th_MTG_Minute.txt │ │ └── presentations │ │ │ └── FAPI-SIG_9th_MTG_agenda.pdf │ └── FAPI-SIG_MTG_agenda_template.pptx └── updates │ ├── FAPI_Update_No1_JPN.pdf │ ├── FAPI_Update_No2_JPN.pdf │ ├── FAPI_Update_No3_JPN.pdf │ └── FAPI_Update_No4_JPN.pdf ├── KeyConf └── Keyconf 23 │ ├── 2023 Kannan - Francis - Keycloak - Open Banking.pdf │ ├── 2023 Marek Keyconf - Keycloak - future feature ideas.pdf │ ├── 2023 Marek Keyconf - Keycloak - recently added features.pdf │ └── Secure Access Management with EGI Check-in_ Latest Advancements and Future Direction.pptx.pdf ├── LICENSE ├── OAuth-SIG ├── Breakouts │ └── OID4VCs │ │ ├── 10th │ │ └── OAuth-SIG_OID4VC_10th_Breakout.pdf │ │ ├── 11th │ │ └── OAuth-SIG_OID4VC_11th_Breakout.pdf │ │ ├── 12th │ │ └── OAuth-SIG_OID4VC_12th_Breakout.pdf │ │ ├── 13th │ │ └── OAuth-SIG_OID4VC_13th_Breakout.pdf │ │ ├── 14th │ │ └── OAuth-SIG_OID4VC_14th_Breakout.pdf │ │ ├── 16th │ │ └── OAuth-SIG_OID4VC_16th_Breakout.pdf │ │ ├── 17th │ │ └── OAuth-SIG_OID4VC_17th_Breakout.pdf │ │ ├── 19th │ │ └── 
OAuth-SIG_OID4VC_19th_Breakout.pdf │ │ ├── 20th │ │ └── OAuth-SIG_OID4VC_20th_Breakout3.pdf │ │ ├── 21st │ │ └── OAuth-SIG_OID4VC_21st_Breakout.pdf │ │ ├── 2nd │ │ └── 2nd_breakout_session_minute.txt │ │ ├── 3rd │ │ ├── 3rd_breakout_session_minute.txt │ │ └── OAuth-SIG_OID4VC_3rd_Breakout.pdf │ │ ├── 4th │ │ └── OAuth-SIG_OID4VC_4th_Breakout.pdf │ │ ├── 5th │ │ └── OAuth-SIG_OID4VC_5th_Breakout.pdf │ │ ├── 6th │ │ └── OAuth-SIG_OID4VC_6th_Breakout.pdf │ │ ├── 7th │ │ └── OAuth-SIG_OID4VC_7th_Breakout.pdf │ │ ├── 8th │ │ └── OAuth-SIG_OID4VC_8th_Breakout.pdf │ │ └── 9th │ │ └── OAuth-SIG_OID4VC_9th_Breakout.pdf └── meetings │ ├── 10th │ ├── 10th_MTG_Minute.txt │ └── presentations │ │ └── OAuth-SIG_10th_MTG_agenda.pdf │ ├── 11th │ ├── 11th_MTG_Minute.txt │ └── presentations │ │ └── OAuth-SIG_11th_MTG_agenda.pdf │ ├── 12th │ ├── 12th_MTG_Minute.txt │ └── presentations │ │ └── OAuth-SIG_12th_MTG_agenda.pdf │ ├── 13th │ ├── 13th_MTG_Minute.txt │ └── presentations │ │ └── OAuth-SIG_13th_MTG_agenda.pdf │ ├── 14th │ ├── 14th_MTG_Minute.txt │ └── presentations │ │ └── OAuth-SIG_14th_MTG_agenda.pdf │ ├── 15th │ ├── 15th_MTG_Minute.txt │ └── presentations │ │ └── OAuth-SIG_15th_MTG_agenda.pdf │ ├── 16th │ ├── 16th_MTG_Minute.txt │ └── presentations │ │ └── OAuth-SIG_16th_MTG_agenda.pdf │ ├── 17th │ ├── 17th_MTG_Minute.txt │ └── presentations │ │ └── OAuth-SIG_17th_MTG_agenda.pdf │ ├── 18th │ ├── 18th_MTG_Minute.pdf │ └── presentations │ │ └── OAuth-SIG_18th_MTG_agenda.pdf │ ├── 19th │ └── presentations │ │ └── OAuth-SIG_19th_MTG_agenda.pdf │ ├── 1st │ ├── 1st_MTG_Minute.txt │ └── presentations │ │ └── OAuth-SIG_1st_MTG_agenda.pdf │ ├── 20th │ ├── 20th_MTG_Minute.txt │ └── presentations │ │ └── OAuth-SIG_20th_MTG_agenda.pdf │ ├── 21st │ ├── 21st_MTG_Minute.pdf │ └── presentations │ │ └── OAuth-SIG_21st_MTG_agenda.pdf │ ├── 22nd │ ├── 22nd_MTG_Minute.pdf │ └── presentations │ │ └── OAuth-SIG_22nd_MTG_agenda.pdf │ ├── 23rd │ ├── 23rd_MTG_Minute.pdf │ └── presentations │ │ └── 
OAuth-SIG_23rd_MTG_agenda.pdf │ ├── 24th │ ├── 24th_MTG_Minute.pdf │ └── presentations │ │ └── OAuth-SIG_24th_MTG_agenda.pdf │ ├── 25th │ ├── 25th_MTG_Minute.pdf │ └── presentations │ │ └── OAuth-SIG_25th_MTG_agenda.pdf │ ├── 26th │ ├── 26th_MTG_Minute.pdf │ └── presentations │ │ └── OAuth-SIG_26th_MTG_agenda.pdf │ ├── 27th │ ├── 27th_MTG_Minute.pdf │ └── presentations │ │ └── OAuth-SIG_27th_MTG_agenda.pdf │ ├── 28th │ └── presentations │ │ └── OAuth-SIG_28th_MTG_agenda.pdf │ ├── 2nd │ ├── 2nd_MTG_Minute.txt │ └── presentations │ │ └── OAuth-SIG_2nd_MTG_agenda.pdf │ ├── 3rd │ ├── 3rd_MTG_Minute.txt │ └── presentations │ │ └── OAuth-SIG_3rd_MTG_agenda.pdf │ ├── 4th │ ├── 4th_MTG_Minute.txt │ └── presentations │ │ └── OAuth-SIG_4th_MTG_agenda.pdf │ ├── 5th │ ├── 5th_MTG_Minute.txt │ └── presentations │ │ └── OAuth-SIG_5th_MTG_agenda.pdf │ ├── 6th │ ├── 6th_MTG_Minute.txt │ └── presentations │ │ └── OAuth-SIG_6th_MTG_agenda.pdf │ ├── 7th │ └── presentations │ │ └── OAuth-SIG_7th_MTG_agenda.pdf │ ├── 8th │ ├── 8th_MTG_Minute.txt │ └── presentations │ │ └── OAuth-SIG_8th_MTG_agenda.pdf │ └── 9th │ ├── 9th_MTG_Minute.txt │ └── presentations │ └── OAuth-SIG_9th_MTG_agenda.pdf ├── README.md ├── conformance-tests-env ├── .env ├── LICENSE ├── README.md ├── common │ ├── api-gateway-nginx │ │ ├── Dockerfile │ │ ├── dpop-fapi-verify.lua │ │ ├── entrypoint.sh │ │ ├── fapi-verify.lua │ │ └── nginx.conf.template │ ├── https │ │ ├── .gitignore │ │ ├── ca-config.json │ │ ├── ca-csr.json │ │ ├── ca-key.pem │ │ ├── ca.pem │ │ ├── client-ca-csr.json │ │ ├── client-ca-key.pem │ │ ├── client-ca.pem │ │ ├── client1-csr.json │ │ ├── client1-key.pem │ │ ├── client1.pem │ │ ├── client2-csr.json │ │ ├── client2-key.pem │ │ ├── client2.pem │ │ ├── generate-clients.sh │ │ ├── generate-server.sh │ │ ├── server-csr.json │ │ ├── server-key.pem │ │ └── server.pem │ └── load-balancer │ │ ├── Dockerfile │ │ ├── haproxy.cfg │ │ └── haproxy_two-frontends.cfg ├── conformance-suite │ ├── 
conformance-suite │ │ ├── Dockerfile │ │ ├── run-tests.sh │ │ └── server-entrypoint.sh │ ├── fapi-conformance-suite-configs │ │ ├── .gitignore │ │ ├── fapi-aus-cdr │ │ │ ├── fapi-aus-cdr-private-key-PS256-PS256-automated.json │ │ │ ├── fapi-aus-cdr-private-key-PS256-PS256.json │ │ │ ├── fapi-aus-cdr-private-key-par-PS256-PS256-automated.json │ │ │ ├── fapi-aus-cdr-private-key-par-PS256-PS256.json │ │ │ ├── fapi-aus-cdr-private-key-par-jarm-PS256-PS256-automated.json │ │ │ └── fapi-aus-cdr-private-key-par-jarm-PS256-PS256.json │ │ ├── fapi-ciba │ │ │ ├── fapi-ciba-id1-ping-mtls-ES256-ES256-automated.json │ │ │ ├── fapi-ciba-id1-ping-mtls-ES256-ES256.json │ │ │ ├── fapi-ciba-id1-ping-mtls-PS256-PS256-automated.json │ │ │ ├── fapi-ciba-id1-ping-mtls-PS256-PS256.json │ │ │ ├── fapi-ciba-id1-ping-private-key-ES256-ES256-automated.json │ │ │ ├── fapi-ciba-id1-ping-private-key-ES256-ES256.json │ │ │ ├── fapi-ciba-id1-ping-private-key-PS256-PS256-automated.json │ │ │ ├── fapi-ciba-id1-ping-private-key-PS256-PS256.json │ │ │ ├── fapi-ciba-id1-poll-mtls-ES256-ES256-automated.json │ │ │ ├── fapi-ciba-id1-poll-mtls-ES256-ES256.json │ │ │ ├── fapi-ciba-id1-poll-mtls-PS256-PS256-automated.json │ │ │ ├── fapi-ciba-id1-poll-mtls-PS256-PS256.json │ │ │ ├── fapi-ciba-id1-poll-private-key-ES256-ES256-automated.json │ │ │ ├── fapi-ciba-id1-poll-private-key-ES256-ES256.json │ │ │ ├── fapi-ciba-id1-poll-private-key-PS256-PS256-automated.json │ │ │ └── fapi-ciba-id1-poll-private-key-PS256-PS256.json │ │ ├── fapi-uk-ob │ │ │ ├── fapi-uk-ob-mtls-PS256-PS256-automated.json │ │ │ ├── fapi-uk-ob-mtls-PS256-PS256.json │ │ │ ├── fapi-uk-ob-private-key-PS256-PS256-automated.json │ │ │ └── fapi-uk-ob-private-key-PS256-PS256.json │ │ ├── fapi1-advanced │ │ │ ├── fapi1-advanced-final-with-mtls-ES256-ES256-automated.json │ │ │ ├── fapi1-advanced-final-with-mtls-ES256-ES256.json │ │ │ ├── fapi1-advanced-final-with-mtls-PS256-PS256-automated.json │ │ │ ├── 
fapi1-advanced-final-with-mtls-PS256-PS256.json │ │ │ ├── fapi1-advanced-final-with-private-key-ES256-ES256-automated.json │ │ │ ├── fapi1-advanced-final-with-private-key-ES256-ES256.json │ │ │ ├── fapi1-advanced-final-with-private-key-PS256-PS256-automated.json │ │ │ ├── fapi1-advanced-final-with-private-key-PS256-PS256.json │ │ │ ├── fapi1-advanced-jarm-mtls-ES256-ES256-automated.json │ │ │ ├── fapi1-advanced-jarm-mtls-ES256-ES256.json │ │ │ ├── fapi1-advanced-jarm-mtls-PS256-PS256-automated.json │ │ │ ├── fapi1-advanced-jarm-mtls-PS256-PS256.json │ │ │ ├── fapi1-advanced-jarm-private-key-ES256-ES256-automated.json │ │ │ ├── fapi1-advanced-jarm-private-key-ES256-ES256.json │ │ │ ├── fapi1-advanced-jarm-private-key-PS256-PS256-automated.json │ │ │ ├── fapi1-advanced-jarm-private-key-PS256-PS256.json │ │ │ ├── fapi1-advanced-par-jarm-mtls-ES256-ES256-automated.json │ │ │ ├── fapi1-advanced-par-jarm-mtls-ES256-ES256.json │ │ │ ├── fapi1-advanced-par-jarm-mtls-PS256-PS256-automated.json │ │ │ ├── fapi1-advanced-par-jarm-mtls-PS256-PS256.json │ │ │ ├── fapi1-advanced-par-jarm-private-key-ES256-ES256-automated.json │ │ │ ├── fapi1-advanced-par-jarm-private-key-ES256-ES256.json │ │ │ ├── fapi1-advanced-par-jarm-private-key-PS256-PS256-automated.json │ │ │ ├── fapi1-advanced-par-jarm-private-key-PS256-PS256.json │ │ │ ├── fapi1-advanced-par-mtls-ES256-ES256-automated.json │ │ │ ├── fapi1-advanced-par-mtls-ES256-ES256.json │ │ │ ├── fapi1-advanced-par-mtls-PS256-PS256-automated.json │ │ │ ├── fapi1-advanced-par-mtls-PS256-PS256.json │ │ │ ├── fapi1-advanced-par-private-key-ES256-ES256-automated.json │ │ │ ├── fapi1-advanced-par-private-key-ES256-ES256.json │ │ │ ├── fapi1-advanced-par-private-key-PS256-PS256-automated.json │ │ │ └── fapi1-advanced-par-private-key-PS256-PS256.json │ │ ├── fapi2-ms-final │ │ │ ├── fapi2-final-FAPI2MS-DPOP-JARM-MTLS-MTLS-ES256-ES256-automated.json │ │ │ ├── fapi2-final-FAPI2MS-DPOP-JARM-MTLS-MTLS-ES256-ES256.json │ │ │ ├── 
fapi2-final-FAPI2MS-DPOP-JARM-private-key-MTLS-ES256-ES256-automated.json │ │ │ ├── fapi2-final-FAPI2MS-DPOP-JARM-private-key-MTLS-ES256-ES256.json │ │ │ ├── fapi2-final-FAPI2MS-DPoP-JAR-MTLS-MTLS-ES256-ES256-automated.json │ │ │ ├── fapi2-final-FAPI2MS-DPoP-JAR-MTLS-MTLS-ES256-ES256.json │ │ │ ├── fapi2-final-FAPI2MS-DPoP-JAR-private-key-MTLS-PS256-PS256-automated.json │ │ │ ├── fapi2-final-FAPI2MS-DPoP-JAR-private-key-MTLS-PS256-PS256.json │ │ │ ├── fapi2-final-FAPI2MS-JAR-MTLS-MTLS-ES256-ES256-automated.json │ │ │ ├── fapi2-final-FAPI2MS-JAR-MTLS-MTLS-ES256-ES256.json │ │ │ ├── fapi2-final-FAPI2MS-JAR-private-key-MTLS-ES256-ES256-automated.json │ │ │ ├── fapi2-final-FAPI2MS-JAR-private-key-MTLS-ES256-ES256.json │ │ │ ├── fapi2-final-FAPI2MS-JARM-MTLS-MTLS-ES256-ES256-automated.json │ │ │ ├── fapi2-final-FAPI2MS-JARM-MTLS-MTLS-ES256-ES256.json │ │ │ ├── fapi2-final-FAPI2MS-JARM-private-key-MTLS-PS256-PS256-automated.json │ │ │ └── fapi2-final-FAPI2MS-JARM-private-key-MTLS-PS256-PS256.json │ │ ├── fapi2-ms-id1 │ │ │ ├── fapi2-ID1-FAPI2MS-DPOP-JARM-MTLS-MTLS-ES256-ES256-automated.json │ │ │ ├── fapi2-ID1-FAPI2MS-DPOP-JARM-MTLS-MTLS-ES256-ES256.json │ │ │ ├── fapi2-ID1-FAPI2MS-DPoP-JAR-MTLS-MTLS-ES256-ES256-automated.json │ │ │ ├── fapi2-ID1-FAPI2MS-DPoP-JAR-MTLS-MTLS-ES256-ES256.json │ │ │ ├── fapi2-ID1-FAPI2MS-JAR-MTLS-MTLS-ES256-ES256-automated.json │ │ │ ├── fapi2-ID1-FAPI2MS-JAR-MTLS-MTLS-ES256-ES256.json │ │ │ ├── fapi2-ID1-FAPI2MS-JARM-MTLS-MTLS-ES256-ES256-automated.json │ │ │ └── fapi2-ID1-FAPI2MS-JARM-MTLS-MTLS-ES256-ES256.json │ │ ├── fapi2-sp-final │ │ │ ├── fapi2-final-FAPI2SP-DPOP-MTLS-MTLS-ES256-ES256-automated.json │ │ │ ├── fapi2-final-FAPI2SP-DPOP-MTLS-MTLS-ES256-ES256.json │ │ │ ├── fapi2-final-FAPI2SP-DPOP-private-key-MTLS-PS256-PS256-automated.json │ │ │ ├── fapi2-final-FAPI2SP-DPOP-private-key-MTLS-PS256-PS256.json │ │ │ ├── fapi2-final-FAPI2SP-MTLS-MTLS-ES256-ES256-automated.json │ │ │ ├── fapi2-final-FAPI2SP-MTLS-MTLS-ES256-ES256.json │ │ │ 
├── fapi2-final-FAPI2SP-OpenID-Connect-DPOP-ES256-ES256-automated.json │ │ │ ├── fapi2-final-FAPI2SP-OpenID-Connect-DPOP-ES256-ES256.json │ │ │ ├── fapi2-final-FAPI2SP-OpenID-Connect-ES256-ES256-automated.json │ │ │ ├── fapi2-final-FAPI2SP-OpenID-Connect-ES256-ES256.json │ │ │ ├── fapi2-final-FAPI2SP-private-key-MTLS-PS256-PS256-automated.json │ │ │ └── fapi2-final-FAPI2SP-private-key-MTLS-PS256-PS256.json │ │ ├── fapi2-sp-id2 │ │ │ ├── fapi2-ID2-FAPI2SP-DPOP-MTLS-MTLS-ES256-ES256-automated.json │ │ │ ├── fapi2-ID2-FAPI2SP-DPOP-MTLS-MTLS-ES256-ES256.json │ │ │ ├── fapi2-ID2-FAPI2SP-DPOP-private-key-MTLS-PS256-PS256-automated.json │ │ │ ├── fapi2-ID2-FAPI2SP-DPOP-private-key-MTLS-PS256-PS256.json │ │ │ ├── fapi2-ID2-FAPI2SP-MTLS-MTLS-ES256-ES256-automated.json │ │ │ ├── fapi2-ID2-FAPI2SP-MTLS-MTLS-ES256-ES256.json │ │ │ ├── fapi2-ID2-FAPI2SP-OpenID-Connect-DPOP-ES256-ES256-automated.json │ │ │ ├── fapi2-ID2-FAPI2SP-OpenID-Connect-DPOP-ES256-ES256.json │ │ │ ├── fapi2-ID2-FAPI2SP-OpenID-Connect-ES256-ES256-automated.json │ │ │ ├── fapi2-ID2-FAPI2SP-OpenID-Connect-ES256-ES256.json │ │ │ ├── fapi2-ID2-FAPI2SP-private-key-MTLS-PS256-PS256-automated.json │ │ │ └── fapi2-ID2-FAPI2SP-private-key-MTLS-PS256-PS256.json │ │ ├── generate-fapi-conformance-suite-configs.sh │ │ ├── ob-br-fapi1-advanced │ │ │ ├── ob-br-fapi1-advanced-final-with-mtls-PS256-PS256-automated.json │ │ │ ├── ob-br-fapi1-advanced-final-with-mtls-PS256-PS256.json │ │ │ ├── ob-br-fapi1-advanced-final-with-private-key-PS256-PS256-automated.json │ │ │ ├── ob-br-fapi1-advanced-final-with-private-key-PS256-PS256.json │ │ │ ├── ob-br-fapi1-advanced-jarm-mtls-PS256-PS256-automated.json │ │ │ ├── ob-br-fapi1-advanced-jarm-mtls-PS256-PS256.json │ │ │ ├── ob-br-fapi1-advanced-jarm-private-key-PS256-PS256-automated.json │ │ │ ├── ob-br-fapi1-advanced-jarm-private-key-PS256-PS256.json │ │ │ ├── ob-br-fapi1-advanced-par-jarm-mtls-PS256-PS256-automated.json │ │ │ ├── ob-br-fapi1-advanced-par-jarm-mtls-PS256-PS256.json 
│ │ │ ├── ob-br-fapi1-advanced-par-jarm-private-key-PS256-PS256-automated.json │ │ │ ├── ob-br-fapi1-advanced-par-jarm-private-key-PS256-PS256.json │ │ │ ├── ob-br-fapi1-advanced-par-mtls-PS256-PS256-automated.json │ │ │ ├── ob-br-fapi1-advanced-par-mtls-PS256-PS256.json │ │ │ ├── ob-br-fapi1-advanced-par-private-key-PS256-PS256-automated.json │ │ │ └── ob-br-fapi1-advanced-par-private-key-PS256-PS256.json │ │ ├── of-br-fapi1-advanced │ │ │ ├── of-br-fapi1-advanced-par-private-key-PS256-PS256-automated.json │ │ │ └── of-br-fapi1-advanced-par-private-key-PS256-PS256.json │ │ ├── oidc-logout │ │ │ ├── oidcc-backchannel-rp-initiated-logout-automated.json │ │ │ ├── oidcc-backchannel-rp-initiated-logout.json │ │ │ ├── oidcc-frontchannel-rp-initiated-logout-automated.json │ │ │ ├── oidcc-frontchannel-rp-initiated-logout.json │ │ │ ├── oidcc-rp-initiated-logout-automated.json │ │ │ ├── oidcc-rp-initiated-logout.json │ │ │ ├── oidcc-session-management-automated.json │ │ │ └── oidcc-session-management.json │ │ └── oidc │ │ │ ├── oidcc-3rdparty-init-login-automated.json │ │ │ ├── oidcc-3rdparty-init-login.json │ │ │ ├── oidcc-basic-automated.json │ │ │ ├── oidcc-basic-discovery-dynamic-automated.json │ │ │ ├── oidcc-basic-static-static-automated.json │ │ │ ├── oidcc-basic.json │ │ │ ├── oidcc-config-automated.json │ │ │ ├── oidcc-config.json │ │ │ ├── oidcc-dynamic-automated.json │ │ │ ├── oidcc-dynamic.json │ │ │ ├── oidcc-formpost-basic-automated.json │ │ │ ├── oidcc-formpost-basic-discovery-dynamic-automated.json │ │ │ ├── oidcc-formpost-basic-static-static-automated.json │ │ │ ├── oidcc-formpost-basic.json │ │ │ ├── oidcc-formpost-hybrid-automated.json │ │ │ ├── oidcc-formpost-hybrid-discovery-dynamic-automated.json │ │ │ ├── oidcc-formpost-hybrid-static-static-automated.json │ │ │ ├── oidcc-formpost-hybrid.json │ │ │ ├── oidcc-formpost-implicit-automated.json │ │ │ ├── oidcc-formpost-implicit-discovery-dynamic-automated.json │ │ │ ├── 
oidcc-formpost-implicit-static-static-automated.json │ │ │ ├── oidcc-formpost-implicit.json │ │ │ ├── oidcc-hybrid-automated.json │ │ │ ├── oidcc-hybrid-discovery-dynamic-automated.json │ │ │ ├── oidcc-hybrid-static-static-automated.json │ │ │ ├── oidcc-hybrid.json │ │ │ ├── oidcc-implicit-automated.json │ │ │ ├── oidcc-implicit-discovery-dynamic-automated.json │ │ │ ├── oidcc-implicit-static-static-automated.json │ │ │ └── oidcc-implicit.json │ └── test-runner │ │ ├── Dockerfile │ │ └── test-runner-entrypoint.sh ├── docker-compose.yml ├── spec │ └── entities │ │ ├── consent-server │ │ ├── Dockerfile │ │ ├── consent-server-info.txt │ │ ├── keycloak-server-info.txt │ │ └── main.go │ │ ├── dpop-proof-signature-verify-server │ │ ├── .gitignore │ │ ├── Dockerfile │ │ ├── go.mod │ │ └── main.go │ │ └── resource-server │ │ ├── .gitignore │ │ ├── Dockerfile │ │ └── main.go ├── test-target │ └── keycloak │ │ ├── entities │ │ ├── auth_entity_server │ │ │ ├── .gitignore │ │ │ ├── Dockerfile │ │ │ ├── auth_entity_server-info.txt │ │ │ ├── keycloak-server-info.txt │ │ │ └── main.go │ │ └── client_private_keys │ │ │ ├── .gitignore │ │ │ ├── Dockerfile │ │ │ ├── generate-keys.sh │ │ │ ├── jwk_enc_PS256_client1-PS256-pub.json │ │ │ ├── jwk_enc_PS256_client1-PS256.json │ │ │ ├── jwk_enc_PS256_client2-PS256-pub.json │ │ │ ├── jwk_enc_PS256_client2-PS256.json │ │ │ ├── jwk_sig_ES256_client1-ES256-pub.json │ │ │ ├── jwk_sig_ES256_client1-ES256.json │ │ │ ├── jwk_sig_ES256_client2-ES256-pub.json │ │ │ ├── jwk_sig_ES256_client2-ES256.json │ │ │ ├── jwk_sig_PS256_client1-PS256-pub.json │ │ │ ├── jwk_sig_PS256_client1-PS256.json │ │ │ ├── jwk_sig_PS256_client2-PS256-pub.json │ │ │ ├── jwk_sig_PS256_client2-PS256.json │ │ │ ├── jwk_sig_RS256_client1-RS256-pub.json │ │ │ ├── jwk_sig_RS256_client1-RS256.json │ │ │ ├── jwk_sig_RS256_client2-RS256-pub.json │ │ │ ├── jwk_sig_RS256_client2-RS256.json │ │ │ ├── jwks_sig_ES256_client1-ES256-pub.json │ │ │ ├── jwks_sig_ES256_client1-ES256.json │ │ 
│ ├── jwks_sig_ES256_client2-ES256-pub.json │ │ │ ├── jwks_sig_ES256_client2-ES256.json │ │ │ ├── jwks_sig_PS256_client1-PS256-pub.json │ │ │ ├── jwks_sig_PS256_client1-PS256.json │ │ │ ├── jwks_sig_PS256_client2-PS256-pub.json │ │ │ ├── jwks_sig_PS256_client2-PS256.json │ │ │ ├── jwks_sig_RS256_client1-RS256-pub.json │ │ │ ├── jwks_sig_RS256_client1-RS256.json │ │ │ ├── jwks_sig_RS256_client2-RS256-pub.json │ │ │ ├── jwks_sig_RS256_client2-RS256.json │ │ │ └── main.go │ │ └── keycloak │ │ ├── .gitignore │ │ ├── Dockerfile │ │ ├── client-ca.pem │ │ ├── custom-spi.txt │ │ ├── generate-realm.sh │ │ ├── keycloak-custom.properties │ │ ├── oidf.json │ │ ├── realms │ │ ├── realm-fapi-aus-cdr.json │ │ ├── realm-fapi-ciba.json │ │ ├── realm-fapi-uk-ob.json │ │ ├── realm-fapi1-advanced.json │ │ ├── realm-fapi2-ms-final.json │ │ ├── realm-fapi2-ms-id1.json │ │ ├── realm-fapi2-sp-final.json │ │ ├── realm-fapi2-sp-id2.json │ │ ├── realm-local.json │ │ ├── realm-ob-br-fapi1-advanced.json │ │ ├── realm-of-br-fapi1-advanced.json │ │ ├── realm-oidc-logout.json │ │ ├── realm-oidc.json │ │ └── realm.json │ │ └── server.pem └── utils │ ├── generate-all.sh │ └── setup-fqdn.sh └── members.adoc /.gitattributes: -------------------------------------------------------------------------------- 1 | * text=auto eol=lf -------------------------------------------------------------------------------- /.github/workflows/run-conformance-tests.yml: -------------------------------------------------------------------------------- 1 | name: run-conformance-tests 2 | run-name: ${{ github.actor }} is running GitHub Actions for automatic conformance tests run 3 | on: 4 | workflow_dispatch: 5 | jobs: 6 | dummy: 7 | if: ${{ false }} 8 | runs-on: ubuntu-latest 9 | steps: 10 | - run: "" -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .bin 2 | 3 | HELP.md 4 | target/ 5 | .mvn/ 6 
| mvnw 7 | mvnw.cmd 8 | 9 | ### STS ### 10 | .apt_generated 11 | .classpath 12 | .factorypath 13 | .project 14 | .settings 15 | .springBeans 16 | .sts4-cache 17 | 18 | ### IntelliJ IDEA ### 19 | .idea 20 | *.iws 21 | *.iml 22 | *.ipr 23 | 24 | ### NetBeans ### 25 | /nbproject/private/ 26 | /nbbuild/ 27 | /dist/ 28 | /nbdist/ 29 | /.nb-gradle/ 30 | build/ 31 | 32 | ### VS Code ### 33 | .vscode/ 34 | 35 | 36 | ### Project-specific ### 37 | report/ -------------------------------------------------------------------------------- /FAPI-SIG/documents/ClientPolicies/ClientPoliciesPracticalGuide.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/documents/ClientPolicies/ClientPoliciesPracticalGuide.pdf -------------------------------------------------------------------------------- /FAPI-SIG/documents/ClientPolicies/ClientPoliciesRevised.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/documents/ClientPolicies/ClientPoliciesRevised.pdf -------------------------------------------------------------------------------- /FAPI-SIG/documents/EdDSA/EdDSATokenSignVerifyKeyManagementDesign.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/documents/EdDSA/EdDSATokenSignVerifyKeyManagementDesign.pdf -------------------------------------------------------------------------------- /FAPI-SIG/documents/FAPI-BR/README.md: -------------------------------------------------------------------------------- 1 | # Open Banking Brasil Financial-grade API Security Profile 1.0 Implementers Draft 1 2 | 
https://openbanking-brasil.github.io/specs-seguranca/open-banking-brasil-financial-api-1_ID1.html 3 | 4 | ### Brazil FAPI-BR Example Configuration 5 | https://gitlab.com/openid/conformance-suite/-/wikis/Brazil-Example-Configuration 6 | 7 | ### Brazil DCR Example Configuration 8 | https://gitlab.com/openid/conformance-suite/-/wikis/Brazil-DCR-Example-Configuration 9 | 10 | ### Consent API (openapi docs) 11 | https://openbanking-brasil.github.io/areadesenvolvedor/swagger/swagger_consents_apis.yaml 12 | -------------------------------------------------------------------------------- /FAPI-SIG/documents/FAPI-CIBA/CIBA_ImplPracticalGuide.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/documents/FAPI-CIBA/CIBA_ImplPracticalGuide.pdf -------------------------------------------------------------------------------- /FAPI-SIG/documents/FAPI-CIBA/CIBA_PrototypeImplPracticalGuide.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/documents/FAPI-CIBA/CIBA_PrototypeImplPracticalGuide.pdf -------------------------------------------------------------------------------- /FAPI-SIG/documents/FAPI-CIBA/FAPI-CIBA_ContributionGuide.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/documents/FAPI-CIBA/FAPI-CIBA_ContributionGuide.pdf -------------------------------------------------------------------------------- /FAPI-SIG/documents/OIDC-Client-Keys/FAPI-SIG-Annex_OIDC_Client_Keys.pdf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/documents/OIDC-Client-Keys/FAPI-SIG-Annex_OIDC_Client_Keys.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/10th/presentations/FAPI-SIG_10th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/10th/presentations/FAPI-SIG_10th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/11th/presentations/FAPI-SIG_11th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/11th/presentations/FAPI-SIG_11th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/12th/presentations/FAPI-SIG_12th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/12th/presentations/FAPI-SIG_12th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/13th/presentations/FAPI-SIG_13th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/13th/presentations/FAPI-SIG_13th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/14th/14th_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | 
FAPI-SIG(Special Interest Group) Community 14th Meeting 4 | 5 | Date : 6 | Wed 3 Mar 2021 7 | 8 | Time : 9 | 09:00 - 10:00 UTC in 1 hour 10 | 11 | Venue : 12 | Zoom (presented by Adorsys) 13 | 14 | Host : 15 | Francis Pouatcha (Adorsys) 16 | 17 | PM : 18 | Vinod Anandan (Independent) 19 | 20 | Presenter : 21 | Takashi Norimatsu (Hitachi) 22 | 23 | Participants : 24 | TBD 25 | Adorsys - Kyiv 26 | Christophe Lannoy 27 | Kannan Rasappan (Banfico) 28 | Marek Posolda (Red Hat) 29 | Pritish Joshi (Banfico) 30 | 31 | Presentation Materials : 32 | [1] FAPI-SIG Community 14th Meeting Agenda 33 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/14th/presentations/FAPI-SIG_14th_MTG_agenda.pdf 34 | 35 | Summary : 36 | * Updates : FAPI-RW project 37 | [Objective] 38 | In Q2 2021, we can use the FAPI-RW security profile support provided by keycloak and RH-SSO 7.5 39 | [Milestone] 40 | M/S#2 All FAPI-RW Conformance Tests Passed 41 | by 31 March 2021, 4 weeks remaining 42 | 20 of 20 issues resolved (100%) 43 | [Topics] 44 | - Deferred : #45 Integrating FAPI-RW conformance tests run into keycloak’s CI/CD pipeline 45 | - Deferred : Follow the final version of FAPI 1.0 46 | It is not yet published, so we cannot start working on it. 47 | 48 | * Updates : FAPI-CIBA(poll mode) project 49 | [Objective] 50 | In Q2 2021, we can use the FAPI-CIBA(poll mode) security profile support provided by keycloak and RH-SSO 7.5 51 | [Milestone] 52 | Frozen : M/S#1 All FAPI-CIBA(poll) Pull-Requests Merged 53 | The pure CIBA support PR is not yet merged. 54 | [Milestone] 55 | Frozen : M/S#2 All FAPI-CIBA(poll) Conformance Tests Passed 56 | The pure CIBA support PR is not yet merged. 
57 | [Milestone] 58 | M/S#3 Pure CIBA Pull-Requests Merged 59 | by 31 Mar 2021, 4 weeks remaining 60 | 0 of 1 issue resolved (0%) 61 | 62 | * Updates : Client Policy Official Support project 63 | [Milestone] 64 | M/S#1 Client Policy Available on Existing Admin Console 65 | by 31 Mar 2021, 4 weeks remaining 66 | 1 of 3 issues resolved (33%) 67 | [Milestone] 68 | Frozen : M/S#2 Client Policy Available on New Admin Console 69 | The New Admin Console is not yet available. 70 | 71 | * Other Discussion Topics 72 | - OIDC Client's Public Keys Management 73 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/documents/OIDC-Client-Keys/FAPI-SIG-Annex_OIDC_Client_Keys.pdf 74 | Hitachi will start working on it. 75 | - Keycloak and Client Authentication on the TLS layer (eIDAS) 76 | The investigation results for the current keycloak12 are shown on pages 22 to 30 of presentation material [1]. 77 | 78 | * Next Web Meeting 79 | Wed 17 Mar 2021 9:00 - 10:00 UTC in 1 hour 80 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/14th/presentations/FAPI-SIG_14th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/14th/presentations/FAPI-SIG_14th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/15th/presentations/FAPI-SIG_15th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/15th/presentations/FAPI-SIG_15th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/16th/16th_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | 
FAPI-SIG(Special Interest Group) Community 16th Meeting 4 | 5 | Date : 6 | Wed 31 Mar 2021 7 | 8 | Time : 9 | 09:00 - 10:00 UTC in 1 hour 10 | 11 | Venue : 12 | Zoom (presented by Adorsys) 13 | 14 | Host : 15 | Francis Pouatcha (Adorsys) 16 | 17 | PM : 18 | Vinod Anandan (Independent) 19 | 20 | Presenter : 21 | Takashi Norimatsu (Hitachi) 22 | 23 | Participants : 24 | Adorsys, Kyiv 25 | Dmitry Telegin (Backbase) 26 | Dmytro Mishchuk (Adorsys) 27 | Guy Moyo (Adorsys) 28 | Jon Meyler (Backbase) 29 | Kannan Rasappan (Banfico) 30 | Marek Posolda (Red Hat) 31 | Matthew Conners 32 | Pritish Joshi (Banfico) 33 | 34 | Presentation Materials : 35 | [1] FAPI-SIG Community 16th Meeting Agenda 36 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/16th/presentations/FAPI-SIG_16th_MTG_agenda.pdf 37 | 38 | Recording : 39 | TBD 40 | 41 | Summary : 42 | * Updates : FAPI-CIBA(poll mode) 43 | KEYCLOAK-12137 OpenID Connect Client Initiated Backchannel Authentication (CIBA)​ 44 | The keycloak development team has been reviewing it intensively. 45 | 46 | * Updates : Client Policies 47 | KEYCLOAK-16805 Client Policy : Support New Admin REST API (Implementation) 48 | The keycloak development team has been reviewing it intensively. 
49 | 50 | * New : OAuth 2.0 Demonstration of Proof-of-Possession (DPoP)​ 51 | Its design document's PR has been submitted (by Backbase) 52 | https://github.com/keycloak/keycloak-community/pull/254 53 | 54 | * New : Pushed Authorization Request (PAR)​ 55 | Its design document's PR has been submitted (by Adorsys) 56 | https://github.com/keycloak/keycloak-community/pull/255 57 | 58 | * Other Discussion Topics 59 | - Recap Working Items in FY 2021 60 | [Security Features]​ 61 | - OIDC Client’s Public Key Management​ 62 | - OAuth 2.0 Demonstration of Proof-of-Possession (DPoP)​ 63 | - FAPI 2.0 (baseline/advanced)​ 64 | - Pushed Authorization Request (PAR)​ 65 | - Rich Authorization Request (RAR)​ 66 | - Grant Management API 67 | [Market Specific Features]​ 68 | ​ 69 | - Following eIDAS regulations​ 70 | - QWAC verification​ 71 | - Consent Management​ 72 | ​ 73 | - Onboarding​ 74 | - Software Statement Support​ 75 | - Software Statement Assertion (SSA) Verification 76 | 77 | - Time of this meeting 78 | Considering the situation that participants of this FAPI-SIG meeting live all over the world, the time of this meeting might be moved 1 or 2 hours later 79 | 80 | * Next Web Meeting 81 | Wed 14 Apr 2021 8:00 - 9:00 UTC in 1 hour 82 | (Time of this meeting might be changed) 83 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/16th/presentations/FAPI-SIG_16th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/16th/presentations/FAPI-SIG_16th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/17th/presentations/FAPI-SIG_17th_MTG_agenda.pdf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/17th/presentations/FAPI-SIG_17th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/18th/presentations/FAPI-SIG_18th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/18th/presentations/FAPI-SIG_18th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/19th/presentations/FAPI-SIG_19th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/19th/presentations/FAPI-SIG_19th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/1st/1st_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | Title : 2 | FAPI-SIG(Special Interest Group) Community 1st Meeting 3 | 4 | Date : 5 | Fri 7 Aug 2020 6 | 7 | Time : 8 | 08:30 - 09:30 GMT in 1 hour 9 | 10 | Venue : 11 | Zoom (presented by Adorsys GmbH) 12 | 13 | Host : 14 | Francis Pouatcha (Adorsys GmbH) 15 | 16 | Presenter : 17 | Takashi Norimatsu (Hitachi) 18 | 19 | Presentation Materials : 20 | [1] FAPI-SIG Community 1st Meeting Agenda 21 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/1st/presentations/FAPI-SIG_1st_MTG_agenda.pdf 22 | 23 | Recording : 24 | https://zoom.us/rec/share/4PdJbKmzqnxOZdLfuRHyZ_4iJYrCX6a81SJKqPsFyUhyg69lzxnf53_t-ZBGCGJT 25 | 26 | Summary : 27 | 28 | * Working Repository 29 | We can store and share all FAPI-SIG activity related information onto jsoss-sig/keycloak-fapi repository. 
30 | 31 | * Project Manager 32 | Vinod can work as PM from Sep. 33 | 34 | * Keycloak Development Team Side Support 35 | Keycloak Development Team can help FAPI-SIG activities. E.g. reviewing PRs from FAPI-SIG activities in preference to others relatively for giving fast feedback to FAPI-SIG activities. 36 | 37 | * Communication Channel 38 | - keycloak developer mailing list 39 | - zulip chat 40 | https://keycloak.zulipchat.com/#narrow/stream/248413-dev-sig-fapi 41 | 42 | * Next Web Meeting 43 | Wed 9 Sep 8:00 - 9:00 GMT in 1 hour 44 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/1st/presentations/FAPI-SIG_1st_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/1st/presentations/FAPI-SIG_1st_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/20th/presentations/FAPI-SIG_20th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/20th/presentations/FAPI-SIG_20th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/21st/21st_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | FAPI-SIG(Special Interest Group) Community 21st Meeting 4 | 5 | Date : 6 | Wed 23 Jun 2021 7 | 8 | Time : 9 | 11:00 - 12:00 UTC in 1 hour 10 | 7:00 - 8:00 EDT (UTC-4) 11 | 12:00 - 13:00 BST (UTC+1) 12 | 13:00 - 14:00 CEST (UTC+2) 13 | 14:00 - 15:00 EEST (UTC+3) 14 | 16:30 - 17:30 IST (UTC+5:30) 15 | 20:00 - 21:00 JST (UTC+9) 16 | 21:00 - 22:00 AEST (UTC+10) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | 
Dmytro Mishchuk (Adorsys) 23 | 24 | PM : 25 | Vinod Anandan (Citi) 26 | 27 | Presenter : 28 | Takashi Norimatsu (Hitachi) 29 | 30 | Participants : 31 | Artur Baltabayev 32 | Christophe Lannoy 33 | Charlène Sophie (ANS) 34 | Dmitry Telegin (Backbase) 35 | Gilbert Fernandes 36 | Guy Moyo (Adorsys) 37 | James Conners 38 | Jon Meyler (Backbase) 39 | Kannan Rasappan (Banfico) 40 | Leandro 41 | Marek Posolda (Red Hat) 42 | Matthew Conners 43 | Pritish Joshi (Banfico) 44 | 45 | Presentation Materials : 46 | [1] FAPI-SIG Community 21st Meeting Agenda 47 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/21st/presentations/FAPI-SIG_21st_MTG_agenda.pdf 48 | 49 | Recording : 50 | TBD 51 | 52 | Summary : 53 | 54 | * Updates : keycloak 55 | Keycloak 14 has been released. 56 | https://www.keycloak.org/2021/06/keycloak-1400-released.html 57 | 58 | * Updates : FAPI 1.0​ 59 | Keycloak 14 officially supported FAPI 1.0 Baseline/Advanced support as default client profile.​ 60 | FAPI-SIG’s automated conformance test run environment provided FAPI1 Advanced Final conformance tests against keycloak 14 as default. 61 | 62 | * Updates : FAPI 2.0​ 63 | PR for OAuth 2.0 Rich Authorization Requests (RAR) has been sent to keycloak upstream, waiting for its review. 64 | https://github.com/keycloak/keycloak/pull/8006 65 | 66 | * Updates : Client Policies​ 67 | Keycloak 14 officially supported Client Policies. 68 | 69 | * New item : FAPI-JARM 70 | PR for FAPI JWT Authorization Response Mode (FAPI-JARM) has been sent to keycloak upstream, waiting for its review. 71 | https://github.com/keycloak/keycloak/pull/8158 72 | 73 | * Updates : SPA/Native App​ 74 | There is a progress on frontend side (js). 75 | 76 | * Other Discussion Topics 77 | - keycloak 14 might try to get the certificates for "FAPI Adv. OP w/ MTLS" and "FAPI Adv. OP w/ Private Key" within about two weeks or so. 78 | - Which security profiles we try to support after FAPI 1.0 support is completed. 
79 | -> For the time being, PRs for PAR, FAPI-CIBA and FAPI-JARM could be hopefully reviewed by keycloak development team. 80 | - Proposal : apply for CfP to DevConf.cz 2022 for presenting FAPI-SIG activities and achievements to OSS developer’s community. 81 | 82 | * Next Web Meeting 83 | Wed 7 Jul 2021 11:00 - 12:00 UTC in 1 hour 84 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/21st/presentations/FAPI-SIG_21st_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/21st/presentations/FAPI-SIG_21st_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/22nd/presentations/FAPI-SIG_22nd_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/22nd/presentations/FAPI-SIG_22nd_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/23rd/23rd_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | FAPI-SIG(Special Interest Group) Community 23rd Meeting 4 | 5 | Date : 6 | Wed 21 Jun 2021 7 | 8 | Time : 9 | 11:00 - 12:00 UTC in 1 hour 10 | 7:00 - 8:00 EDT (UTC-4) 11 | 12:00 - 13:00 BST (UTC+1) 12 | 13:00 - 14:00 CEST (UTC+2) 13 | 14:00 - 15:00 EEST (UTC+3) 14 | 16:30 - 17:30 IST (UTC+5:30) 15 | 20:00 - 21:00 JST (UTC+9) 16 | 21:00 - 22:00 AEST (UTC+10) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | Francis Pouatcha (Adorsys) 23 | 24 | PM : 25 | Vinod Anandan (Citi) 26 | 27 | Presenter : 28 | Takashi Norimatsu (Hitachi) 29 | 30 | Participants : 31 | Arnaud Bourhis (ANS) 32 | Charlène Sophie (ANS) 33 
| Christophe Lannoy 34 | Dmitry Telegin (Backbase) 35 | Gilbert Fernandes 36 | Guy Moyo (Adorsys) 37 | Kannan Rasappan (Banfico) 38 | Marek Posolda (Red Hat) 39 | Pritish Joshi (Banfico) 40 | 41 | Presentation Materials : 42 | [1] FAPI-SIG Community 23rd Meeting Agenda 43 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/23rd/presentations/FAPI-SIG_23rd_MTG_agenda.pdf 44 | 45 | Recording : 46 | https://us06web.zoom.us/rec/share/-DDToqA0HSVnf2pet6R8NPW4EI_YAikWcyOJK8e8qy1WE_zj4yuIcbRmFdCyb55j.II08mOZ7VRRHHdEc 47 | 48 | Summary : 49 | 50 | * Demonstration : how to run conformance tests by FAPI-SIG's automated conformance testing environment 51 | 52 | * Updates : FAPI-CIBA​ 53 | To comply with FAPI-CIBA, the following 2 additional PRs have been merged. 54 | Client Policy - Endpoint : support Token Request by CIBA Backchannel Authentication 55 | https://github.com/keycloak/keycloak/pull/8242 56 | Client Policy - Executor : Enforce Backchannel Authentication Request satisfying high security level​ 57 | https://github.com/keycloak/keycloak/pull/8238 58 | 59 | Ran conformance tests against KC14 and listed up what need to be done to pass tests. 60 | 7 mandatory issues -> all corresponding PRs have been merged. 61 | 1 follow-up (global profile for FAPI-CIBA) -> In progress 62 | 2 optional issues -> Open 63 | 64 | Experimentally, automated FAPI-CIBA's conformance testing has been added to FAPI-SIG's automated conformance testing environment. 65 | 66 | * New item : Open Banking Brasil 67 | keycloak development team itself deals with this support. 68 | Its status can be found on the JIRA ticket (Epic) : https://issues.redhat.com/browse/KEYCLOAK-18629 69 | 70 | * Other Discussion Topics 71 | - keycloak 15 will support Open Banking Brasil FAPI, OAuth 2.0 Pushed Authorization Request (PAR) and FAPI-CIBA officially. 72 | - keycloak 15 tries to pass conformance tests of Open Banking Brasil FAPI, FAPI-CIBA and FAPI 1.0 Advanced. 
73 | - It has been confirmed that keycloak 14 could pass conformance tests for FAPI 1.0 Advanced. 74 | 75 | * Next Web Meeting 76 | Wed 4 Aug 2021 11:00 - 12:00 UTC in 1 hour 77 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/23rd/presentations/FAPI-SIG_23rd_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/23rd/presentations/FAPI-SIG_23rd_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/24th/24th_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | FAPI-SIG(Special Interest Group) Community 24th Meeting 4 | 5 | Date : 6 | Wed 4 Aug 2021 7 | 8 | Time : 9 | 11:00 - 12:00 UTC in 1 hour 10 | 7:00 - 8:00 EDT (UTC-4) 11 | 12:00 - 13:00 BST (UTC+1) 12 | 13:00 - 14:00 CEST (UTC+2) 13 | 14:00 - 15:00 EEST (UTC+3) 14 | 16:30 - 17:30 IST (UTC+5:30) 15 | 20:00 - 21:00 JST (UTC+9) 16 | 21:00 - 22:00 AEST (UTC+10) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | Guy Moyo (Adorsys) 23 | 24 | PM : 25 | Vinod Anandan (Citi) 26 | 27 | Presenter : 28 | Takashi Norimatsu (Hitachi) 29 | 30 | Participants : 31 | Arnaud Bourhis (ANS) 32 | Charlène Sophie (ANS) 33 | Christophe Lannoy 34 | Dmitry Telegin (Backbase) 35 | Gilbert Fernandes 36 | Guy Moyo (Adorsys) 37 | Jonathan Meyler (Backbase) 38 | Kannan Rasappan (Banfico) 39 | Marek Posolda (Red Hat) 40 | Matthew Conners 41 | Pritish Joshi (Banfico) 42 | Thomas Darimont 43 | 44 | Presentation Materials : 45 | [1] FAPI-SIG Community 24th Meeting Agenda 46 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/24th/presentations/FAPI-SIG_24th_MTG_agenda.pdf 47 | 48 | Recording : 49 | TBD 50 | 51 | Summary : 52 | 53 | * keycloak 15 has been 
released that has newly supported FAPI-CIBA (ping, poll) and Open Banking Brasil FAPI 1.0.​ 54 | 55 | * update : FAPI-CIBA 56 | The current status can be found in JIRA Ticket [Epic] : https://issues.redhat.com/browse/KEYCLOAK-18457 57 | 58 | * update : Open Banking Brasil 59 | The current status can be found in JIRA Ticket [Epic] : https://issues.redhat.com/browse/KEYCLOAK-18629​ 60 | 61 | * proposal : Joint presentation on Devconf.cz 2022 62 | 63 | * Other Discussion Topics 64 | - keycloak 15 will supported Open Banking Brasil FAPI but need have some tweak. 65 | - Keycloak 15.0.1 will be released for fixing bugs and RH-SSO 7.5 might be based on it. 66 | - Some Brazil's banks get certified as Open Banking Brasil FAPI by using and customizing keycloak. 67 | - keycloak 15 might get certified as FAPI OP in Aug or Sep. 68 | 69 | * Next Web Meeting 70 | Wed 18 Aug 2021 11:00 - 12:00 UTC in 1 hour 71 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/24th/presentations/FAPI-SIG_24th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/24th/presentations/FAPI-SIG_24th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/25th/25th_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | FAPI-SIG(Special Interest Group) Community 25th Meeting 4 | 5 | Date : 6 | Wed 18 Aug 2021 7 | 8 | Time : 9 | 11:00 - 12:00 UTC in 1 hour 10 | 7:00 - 8:00 EDT (UTC-4) 11 | 12:00 - 13:00 BST (UTC+1) 12 | 13:00 - 14:00 CEST (UTC+2) 13 | 14:00 - 15:00 EEST (UTC+3) 14 | 16:30 - 17:30 IST (UTC+5:30) 15 | 20:00 - 21:00 JST (UTC+9) 16 | 21:00 - 22:00 AEST (UTC+10) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | Guy Moyo (Adorsys) 23 | 24 | 
PM : 25 | Vinod Anandan (Citi) 26 | 27 | Presenter : 28 | Takashi Norimatsu (Hitachi) 29 | 30 | Participants : 31 | Arnaud Bourhis (ANS) 32 | Dmitry Telegin (Backbase) 33 | Jonathan Meyler (Backbase) 34 | Kannan Rasappan (Banfico) 35 | Marek Posolda (Red Hat) 36 | Regis Mauget (ANS) 37 | 38 | Presentation Materials : 39 | [1] FAPI-SIG Community 25th Meeting Agenda 40 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/25th/presentations/FAPI-SIG_25th_MTG_agenda.pdf 41 | 42 | Recording : 43 | TBD 44 | 45 | Summary : 46 | 47 | * kc-fapi-sig repository​ supported Open Banking Brasil FAPI 1.0 conformance tests automated run.​ 48 | - Client Authentication Method : MTLS, private_key_jwt​​ 49 | - Signature Algorithm : PS256​ 50 | - Request Object Method : plain, PAR​​ 51 | - Response Mode : plain, JARM​ 52 | 53 | * proposal : new working items 54 | - Client Policies Revised 55 | - FAPI 2.0 Baseline 56 | 57 | * Other Discussion Topics 58 | - RH-SSO 7.5 might be released in Sep or Oct. 59 | - Some bug fixed version of keycloak 15 will be released that RH-SSO 7.5 is based on. 60 | - keycloak might get certified as FAPI OP (FAPI1 Advanced Generic, FAPI-CIBA, Open Banking Brazil FAPI 1.0 except DCR). 
61 | 62 | * Next Web Meeting 63 | Wed 1 Sep 2021 11:00 - 12:00 UTC in 1 hour 64 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/25th/presentations/FAPI-SIG_25th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/25th/presentations/FAPI-SIG_25th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/26th/26th_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | FAPI-SIG(Special Interest Group) Community 26th Meeting 4 | 5 | Date : 6 | Wed 1 Sep 2021 7 | 8 | Time : 9 | 11:00 - 12:00 UTC in 1 hour 10 | 7:00 - 8:00 EDT (UTC-4) 11 | 12:00 - 13:00 BST (UTC+1) 12 | 13:00 - 14:00 CEST (UTC+2) 13 | 14:00 - 15:00 EEST (UTC+3) 14 | 16:30 - 17:30 IST (UTC+5:30) 15 | 20:00 - 21:00 JST (UTC+9) 16 | 21:00 - 22:00 AEST (UTC+10) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | Francis Pouatcha (Adorsys) 23 | 24 | PM : 25 | Vinod Anandan (Citi) 26 | 27 | Presenter : 28 | Takashi Norimatsu (Hitachi) 29 | 30 | Participants : 31 | Arnaud Bourhis (ANS) 32 | Charlène Sophie (ANS) 33 | Dmitry Telegin (Backbase) 34 | Kannan Rasappan (Banfico) 35 | Marek Posolda (Red Hat) 36 | 37 | Presentation Materials : 38 | [1] FAPI-SIG Community 26th Meeting Agenda 39 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/26th/presentations/FAPI-SIG_26th_MTG_agenda.pdf 40 | 41 | Recording : 42 | TBD 43 | 44 | Summary : 45 | 46 | * release 47 | keycloak 15.0.2 is released. 48 | 49 | * proposal : new working items 50 | - PII returned from Token Introspection Endpoint 51 | 52 | * Other Discussion Topics 53 | - RH-SSO 7.5 might be based on keycloak 15.0.2. 
54 | - For the proposal, it might be beneficial if we want to hide some sensitive information that should not be revealed to a client. 55 | - For the proposal, it can be accomplished by encrypting the access token, which includes PII or other sensitive information that should not be revealed to the client, as a JWE with the resource server's public key. 56 | - For the proposal, perhaps it can be accomplished by the Token Exchange SPI newly introduced in keycloak 15. 57 | 58 | * Next Web Meeting 59 | Wed 15 Sep 2021 11:00 - 12:00 UTC in 1 hour 60 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/26th/presentations/FAPI-SIG_26th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/26th/presentations/FAPI-SIG_26th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/27th/27th_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | FAPI-SIG(Special Interest Group) Community 27th Meeting 4 | 5 | Date : 6 | Wed 29 Sep 2021 7 | 8 | Time : 9 | 11:00 - 12:00 UTC in 1 hour 10 | 7:00 - 8:00 EDT (UTC-4) 11 | 12:00 - 13:00 BST (UTC+1) 12 | 13:00 - 14:00 CEST (UTC+2) 13 | 14:00 - 15:00 EEST (UTC+3) 14 | 16:30 - 17:30 IST (UTC+5:30) 15 | 20:00 - 21:00 JST (UTC+9) 16 | 21:00 - 22:00 AEST (UTC+10) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | Guy Moyo (Adorsys) 23 | 24 | PM : 25 | Vinod Anandan (Citi) 26 | 27 | Presenter : 28 | Takashi Norimatsu (Hitachi) 29 | 30 | Participants : 31 | Arnaud Bourhis (ANS) 32 | Christophe Lannoy 33 | Dmitry Telegin (Backbase) 34 | Jon Meyler (Backbase) 35 | Marek Posolda (Red Hat) 36 | 37 | Presentation Materials : 38 | [1] FAPI-SIG Community 27th Meeting Agenda 39 | 
https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/27th/presentations/FAPI-SIG_27th_MTG_agenda.pdf 40 | 41 | Recording : 42 | TBD 43 | 44 | Summary : 45 | 46 | * release 47 | RH-SSO 7.5 (based on keycloak 15.0.2) has been released. 48 | 49 | * proposal : new working items 50 | - Discussion : Client Policies vs Client Setting​ 51 | - It seems that revising client policies can remove several client settings. 52 | 53 | * Other Discussion Topics 54 | - Dynamic / Parameterized Client Scope discussion has been started.​ 55 | https://github.com/keycloak/keycloak/discussions/8486​ 56 | https://github.com/keycloak/keycloak/discussions/8488 57 | It may affect RAR for FAPI 2.0 that is ongoing in FAPI-SIG. 58 | - keycloak 15.0.2 would try to get certificates of FAPI 1.0 Advanced generic, FAPI-SIG and OBB-FAPI. 59 | 60 | * Next Web Meeting 61 | Wed 13 Oct 2021 11:00 - 12:00 UTC in 1 hour 62 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/27th/presentations/FAPI-SIG_27th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/27th/presentations/FAPI-SIG_27th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/28th/28th_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | FAPI-SIG(Special Interest Group) Community 28th Meeting 4 | 5 | Date : 6 | Wed 13 Oct 2021 7 | 8 | Time : 9 | 11:00 - 12:00 UTC in 1 hour 10 | 7:00 - 8:00 EDT (UTC-4) 11 | 12:00 - 13:00 BST (UTC+1) 12 | 13:00 - 14:00 CEST (UTC+2) 13 | 14:00 - 15:00 EEST (UTC+3) 14 | 16:30 - 17:30 IST (UTC+5:30) 15 | 20:00 - 21:00 JST (UTC+9) 16 | 21:00 - 22:00 AEST (UTC+10) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | Francis Pouatcha 
(Adorsys) 23 | 24 | PM : 25 | Vinod Anandan (Citi) - absent 26 | 27 | Presenter : 28 | Takashi Norimatsu (Hitachi) 29 | 30 | Participants : 31 | Arnaud Bourhis (ANS) 32 | Christophe Lannoy 33 | Dmitry Telegin (Backbase) 34 | Guy Moyo (Adorsys) 35 | Kannan Rasappan (Banfico) 36 | 37 | Presentation Materials : 38 | [1] FAPI-SIG Community 28th Meeting Agenda 39 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/28th/presentations/FAPI-SIG_28th_MTG_agenda.pdf 40 | 41 | Recording : 42 | TBD 43 | 44 | Summary : 45 | 46 | * Open Banking Brasil FAPI 1.0 Security Profile draft version up (ID2 -> ID3) 47 | 48 | * Changing the way of contribution’s discussion​ 49 | need to use github's discussion instead of using keycloak-dev ML. 50 | 51 | * Automated Conformance Test Run Environment has been updated.​ 52 | - Conformance Suite : v4.1.21 to v4.1.29​ 53 | - Keycloak : 15.0.1 to 15.0.2 (RH-SSO 7.5 based on)​ 54 | - All FAPI 1.0 Advanced, FAPI-CIBA and OBB-FAPI 1.0 tests has been passed. 
55 | 56 | * Other Discussion Topics 57 | - Dynamic / Parameterized Client Scope discussion 58 | https://github.com/keycloak/keycloak/discussions/8486​ 59 | RAR and Dynamic / Parameterized Scopes can be both treated.​ 60 | The following features need to be considered simultaneously.​ 61 | - FAPI 2.0 Grant Management API​ 62 | current keycloak can only manage static scopes (registered in advance)​ 63 | - Consent Screen Enhancement​ 64 | https://github.com/keycloak/keycloak/discussions/8495​ 65 | Enriching a scope by a resource owner​ 66 | - Namespaced Roles​ 67 | https://github.com/keycloak/keycloak/discussions/8516 68 | 69 | * Next Web Meeting 70 | Wed 27 Oct 2021 11:00 - 12:00 UTC in 1 hour 71 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/28th/presentations/FAPI-SIG_28th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/28th/presentations/FAPI-SIG_28th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/29th/29th_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | FAPI-SIG(Special Interest Group) Community 29th Meeting 4 | 5 | Date : 6 | Wed 27 Oct 2021 7 | 8 | Time : 9 | 11:00 - 12:00 UTC in 1 hour 10 | 7:00 - 8:00 EDT (UTC-4) 11 | 12:00 - 13:00 BST (UTC+1) 12 | 13:00 - 14:00 CEST (UTC+2) 13 | 14:00 - 15:00 EEST (UTC+3) 14 | 16:30 - 17:30 IST (UTC+5:30) 15 | 20:00 - 21:00 JST (UTC+9) 16 | 21:00 - 22:00 AEST (UTC+10) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | Francis Pouatcha (Adorsys) 23 | 24 | PM : 25 | Vinod Anandan (Citi) - absent 26 | 27 | Presenter : 28 | Takashi Norimatsu (Hitachi) 29 | 30 | Participants : 31 | Arnaud Bourhis (ANS) 32 | Charlène Sophie (ANS) 33 | Christophe Lannoy 34 
| Dmitry Telegin (Backbase) 35 | Guy Moyo (Adorsys) 36 | Matthew Conners 37 | Marek Posolda (Red Hat) 38 | 39 | Presentation Materials : 40 | [1] FAPI-SIG Community 29th Meeting Agenda 41 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/29th/presentations/FAPI-SIG_29th_MTG_agenda.pdf 42 | 43 | Recording : 44 | https://us06web.zoom.us/rec/share/YH5lTS9_fZJqRwPEpF0FhE5kQzeTcUGZS0mFViBrBkZnBXv3Qkir_NRT_Hwv6WLw.gG1Pu33tLjBSuQAr 45 | 46 | Summary : 47 | 48 | * Automated Conformance Test Run Environment has been updated. 49 | - Self contained access token specification has been published 50 | RFC 9068 JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens 51 | https://datatracker.ietf.org/doc/html/rfc9068 52 | keycloak discussion : 53 | https://github.com/keycloak/keycloak/discussions/8646 54 | 55 | * Other Discussion Topics 56 | - FAPI Certificate 57 | RH has already sent a request for FAPI Certificate and is waiting for the response from OpenID Foundation. 58 | Implementation : keycloak 15.0.2 59 | FAPI 1 Advanced Final (Generic) : 60 | - FAPI Adv. OP w/ MTLS 61 | - FAPI Adv. OP w/ MTLS, PAR 62 | - FAPI Adv. OP w/ Private Key 63 | - FAPI Adv. OP w/ Private Key, PAR 64 | - FAPI Adv. OP w/ MTLS, JARM 65 | - FAPI Adv. OP w/ Private Key, JARM 66 | - FAPI Adv. OP w/ MTLS, PAR, JARM 67 | - FAPI Adv. OP w/ Private Key, PAR, JARM 68 | After receiving this certificate, RH will send a request for the following FAPI Certificates. 69 | - Brazil Open Banking (Based on FAPI 1 Advanced Final) 70 | - Certified Financial-grade API Client Initiated Backchannel Authentication Profile (FAPI-CIBA) OpenID Providers 71 | - DPoP 72 | For the first DPoP PR, it seems good to implement DPoP with some client settings and without client policies support. 73 | Client policies support for DPoP might be handled by follow-up PRs. 
74 | 75 | * Next Web Meeting 76 | Wed 10 Nov 2021 11:00 - 12:00 UTC in 1 hour 77 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/29th/presentations/FAPI-SIG_29th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/29th/presentations/FAPI-SIG_29th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/2nd/2nd_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | Title : 2 | FAPI-SIG(Special Interest Group) Community 2nd Meeting 3 | 4 | Date : 5 | Wed 9 Sep 2020 6 | 7 | Time : 8 | 08:00 - 09:00 GMT in 1 hour 9 | 10 | Venue : 11 | Zoom (presented by Adorsys GmbH) 12 | 13 | Host : 14 | Francis Pouatcha (Adorsys GmbH) 15 | 16 | Presenter : 17 | Takashi Norimatsu (Hitachi) 18 | 19 | Presentation Materials : 20 | [1] FAPI-SIG Community 2nd Meeting Agenda 21 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/2nd/presentations/FAPI-SIG_2nd_MTG_agenda.pdf [2] FAPI Support Milestone 22 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/2nd/presentations/FAPI_Support_Milestone.pdf 23 | [3] FAPI-SIG Activities Update #1 in Japan 24 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/updates/FAPI_Update_No1_JPN.pdf 25 | [4] FAPI-SIG Activities Update #2 in Japan 26 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/updates/FAPI_Update_No2_JPN.pdf 27 | [5] FAPI-SIG Activities Update #3 in Japan 28 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/updates/FAPI_Update_No3_JPN.pdf 29 | 30 | Recording : 31 | https://zoom.us/rec/share/qi4aAj00m2g0FAF888K65HW2xCDeNHN9UgxOhp0wv0IVrtvPIYIyY_EJnPmxTMoT.AkyD6x6JuVvjWzSI 32 | 33 | Summary : 34 | 35 | * 
Keycloak Development Team Side : Milestone FAPI-RW 36 | It seems a reasonable milestone. The dev team promotes reviewing related PRs that have already been sent to keycloak 37 | 38 | * Keycloak Development Team Side : Milestone FAPI-CIBA 39 | It also seems a reasonable milestone. 40 | 41 | * FAPI-CIBA tasks break down and estimate 42 | Currently, it is not clear in detail which work items are needed to accomplish FAPI-CIBA. 43 | Takashi will clarify this point. 44 | 45 | * Conformance Tests for FAPI-RW and FAPI-CIBA 46 | Currently, Integral Tech has already made some progress on automating FAPI-RW conformance test runs. 47 | Banfico can handle these conformance test run tasks for FAPI-RW and FAPI-CIBA. 48 | 49 | * Project Management 50 | We use github's project to manage and track FAPI-SIG activities. 51 | To manage work items, we use the github repository's issues and existing keycloak JIRA tickets. 52 | 53 | * Contribution 54 | Reviewing PRs is one way of contributing to FAPI-SIG activities. 55 | 56 | * Get FAPI certificates 57 | Red Hat can fund payment for getting FAPI certificates. 58 | 59 | * Regular Web Meeting 60 | We will have bi-weekly regular web meetings. 
61 | 8:00 - 9:00 GMT in 1 hour 62 | 63 | * Next Web Meeting 64 | Wed 23 8:00 - 9:00 GMT in 1 hour 65 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/2nd/presentations/FAPI-SIG_2nd_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/2nd/presentations/FAPI-SIG_2nd_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/2nd/presentations/FAPI_Support_Milestone.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/2nd/presentations/FAPI_Support_Milestone.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/30th/30th_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | FAPI-SIG(Special Interest Group) Community 30th Meeting 4 | 5 | Date : 6 | Wed 24 Nov 2021 7 | 8 | Time : 9 | 12:00 - 13:00 UTC in 1 hour 10 | 8:00 - 9:00 EDT (UTC-4) 11 | 12:00 - 13:00 GMT (UTC+0) 12 | 13:00 - 14:00 CET (UTC+1) 13 | 14:00 - 15:00 EET (UTC+2) 14 | 17:30 - 18:30 IST (UTC+5:30) 15 | 21:00 - 22:00 JST (UTC+9) 16 | 22:00 - 23:00 AEST (UTC+10) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | Francis Pouatcha (Adorsys) 23 | 24 | PM : 25 | Vinod Anandan (Citi) 26 | 27 | Presenter : 28 | Takashi Norimatsu (Hitachi) 29 | 30 | Participants : 31 | Christophe Lannoy 32 | Dmitry Telegin (Backbase) 33 | Gilbert Fernandes 34 | Guy Moyo (Adorsys) 35 | Jonathan Meyler (Backbase) 36 | Kannan Rasappan (Banfico) 37 | Matthew Conners 38 | Marek Posolda (Red Hat) 39 | Matthew Conners 40 | 41 | Presentation Materials : 42 | [1] FAPI-SIG Community 30th 
Meeting Agenda 43 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/30th/presentations/FAPI-SIG_30th_MTG_agenda.pdf 44 | 45 | Recording : 46 | TBD 47 | 48 | Summary : 49 | 50 | * New Meeting Schedule 51 | We hold FAPI-SIG regular meeting monthly instead of every 2 weeks. 52 | Vinod will re-send updated FAPI-SIG meeting invitations. 53 | 54 | * FAPI Certificate 55 | There might be an option that RH tries to receive certificates for RH-SSO instead of keycloak and some non-commercial OSS community tries to receive certificate for keycloak. 56 | 57 | * RAR/Grant Management API 58 | The blocker of RAR/Grant Management API, namely Dynamic Scope has been handled by RH developers but they are busy for other tasks so that the work of Dynamic Scope was stopped. It might be resumed soon. 59 | 60 | * DPoP 61 | The draft PR has been submitted. The issue of it is whether this PR includes Client Policies part instead of newly introducing DPoP related client settings. 62 | Takashi can help with Client Policies part for DPoP. 
63 | 64 | * Next Web Meeting 65 | Wed 8 Dec 2021 12:00 - 13:00 UTC in 1 hour 66 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/30th/presentations/FAPI-SIG_30th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/30th/presentations/FAPI-SIG_30th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/31st/31st_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | FAPI-SIG(Special Interest Group) Community 31st Meeting 4 | 5 | Date : 6 | Wed 8 Dec 2021 7 | 8 | Time : 9 | 12:00 - 13:00 UTC in 1 hour 10 | 8:00 - 9:00 EDT (UTC-4) 11 | 12:00 - 13:00 GMT (UTC+0) 12 | 13:00 - 14:00 CET (UTC+1) 13 | 14:00 - 15:00 EET (UTC+2) 14 | 17:30 - 18:30 IST (UTC+5:30) 15 | 21:00 - 22:00 JST (UTC+9) 16 | 22:00 - 23:00 AEST (UTC+10) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | Francis Pouatcha (Adorsys) 23 | 24 | PM : 25 | Vinod Anandan (Citi) 26 | 27 | Presenter : 28 | Takashi Norimatsu (Hitachi) 29 | 30 | Participants : 31 | Christophe Lannoy 32 | Dmitry Telegin (Backbase) 33 | Guy Moyo (Adorsys) 34 | Kannan Rasappan (Banfico) 35 | Marek Posolda (Red Hat) 36 | 37 | Presentation Materials : 38 | [1] FAPI-SIG Community 31st Meeting Agenda 39 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/31st/presentations/FAPI-SIG_31sth_MTG_agenda.pdf 40 | 41 | Recording : 42 | TBD 43 | 44 | Summary : 45 | 46 | * FAPI Certificate 47 | It seems that some bureaucratic work might be resolved soon. 48 | 49 | * RAR/Grant Management API 50 | It might be helpful if someone can help with the RH team working on Dynamic Scope. 
51 | 52 | * DPoP 53 | UserInfo endpoint's error response issue is independent from DPoP itself. 54 | 55 | * Issue : PAR + Kerberos 56 | The issue has been reported in dev-ml when using PAR and Kerberos authentication. 57 | https://groups.google.com/g/keycloak-dev/c/1dXkFhx137g 58 | To handle this issue, creating corresponding github issue need to be done at first. 59 | 60 | * Next Web Meeting 61 | Wed 5 Jan 2022 12:00 - 13:00 UTC in 1 hour 62 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/31st/presentations/FAPI-SIG_31sth_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/31st/presentations/FAPI-SIG_31sth_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/32nd/32nd_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | FAPI-SIG(Special Interest Group) Community 32nd Meeting 4 | 5 | Date : 6 | Wed 2 Feb 2022 7 | 8 | Time : 9 | 12:00 - 13:00 UTC in 1 hour 10 | 8:00 - 9:00 EDT (UTC-4) 11 | 12:00 - 13:00 GMT (UTC+0) 12 | 13:00 - 14:00 CET (UTC+1) 13 | 14:00 - 15:00 EET (UTC+2) 14 | 17:30 - 18:30 IST (UTC+5:30) 15 | 21:00 - 22:00 JST (UTC+9) 16 | 22:00 - 23:00 AEST (UTC+10) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | Francis Pouatcha (Adorsys) 23 | 24 | PM : 25 | Vinod Anandan (Citi) 26 | 27 | Presenter : 28 | Takashi Norimatsu (Hitachi) 29 | 30 | Participants : 31 | Christophe Lannoy 32 | Dmitry Telegin (Backbase) 33 | Guy Moyo (Adorsys) 34 | Kannan Rasappan (Banfico) 35 | Marek Posolda (Red Hat) 36 | Thomas Darimont 37 | 38 | Presentation Materials : 39 | [1] FAPI-SIG Community 32nd Meeting Agenda 40 | 
https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/32nd/presentations/FAPI-SIG_32nd_MTG_agenda.pdf 41 | 42 | Recording : 43 | TBD 44 | 45 | Summary : 46 | 47 | * FAPI Certificate 48 | Keycloak 15 has achieved certificates for FAPI 1.0 Advanced (all 8 conformance profiles), FAPI-CIBA (all 4 conformance profiles) and Open Banking Brazil FAPI 1.0 (8 of 9 conformance profiles). 49 | 50 | * OIDC Certificate 51 | Keycloak will re-acquire OIDC OP certificate. It will also acquire OIDC Logout profile certificate. 52 | 53 | * Automated conformance test environment for OIDC and its Logout profile certificate 54 | It is helpful if someone supports an automated conformance test environment in the FAPI-SIG repository for OIDC and its Logout profile certificate. 55 | 56 | * Automated conformance test environment against keycloak-x 57 | It is helpful if someone supports an automated conformance test environment in the FAPI-SIG repository against quarkus based keycloak-x. 58 | Currently the conformance tests run against keycloak based on wildfly. 59 | 60 | * RAR/Grant Management API 61 | It is good if a Red Hat developer working on dynamic scopes could participate in the FAPI-SIG meeting. We might help him. 62 | 63 | * DPoP 64 | The draft version PR for DPoP is in progress. 65 | 66 | * Keycloak 17 67 | Keycloak 17 based on quarkus may be released in Feb or Mar. 
68 | 69 | * Next Web Meeting 70 | Wed 2 Mar 2022 12:00 - 13:00 UTC in 1 hour 71 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/32nd/presentations/FAPI-SIG_32nd_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/32nd/presentations/FAPI-SIG_32nd_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/33rd/33rd_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | FAPI-SIG(Special Interest Group) Community 33rd Meeting 4 | 5 | Date : 6 | Wed 2 Mar 2022 7 | 8 | Time : 9 | 12:00 - 13:00 UTC in 1 hour 10 | 8:00 - 9:00 EDT (UTC-4) 11 | 12:00 - 13:00 GMT (UTC+0) 12 | 13:00 - 14:00 CET (UTC+1) 13 | 14:00 - 15:00 EET (UTC+2) 14 | 17:30 - 18:30 IST (UTC+5:30) 15 | 21:00 - 22:00 JST (UTC+9) 16 | 22:00 - 23:00 AEST (UTC+10) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | Guy Moyo (Adorsys) 23 | 24 | PM : 25 | Vinod Anandan (Citi) 26 | 27 | Presenter : 28 | Takashi Norimatsu (Hitachi) 29 | 30 | Participants : 31 | Marek Posolda (Red Hat) 32 | 33 | Presentation Materials : 34 | [1] FAPI-SIG Community 32nd Meeting Agenda 35 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/33rd/presentations/FAPI-SIG_33rd_MTG_agenda.pdf 36 | 37 | Recording : 38 | https://us06web.zoom.us/rec/share/1Wz5uHrQzyx7gpDnhjLYGDWsOzcZAZS9zN_FMuanhknc4k0l-I7sWOrRavL7WsEt.m_154PTxVG-oOGBg?startTime=1646223315000 39 | 40 | Summary : 41 | 42 | * OIDC Certificate 43 | Keycloak will re-acquire OIDC OP certificate for the following conformance profile: 44 | - Config OP 45 | - Basic OP 46 | - Implicit OP 47 | - Hybrid OP 48 | - Dynamic OP 49 | - FORM POST OP 50 | Currently, the remaining 3rd Party-Init OP conformance profile 
is out of scope. 51 | 52 | * OIDC Certificate for logout profiles 53 | Keycloak will newly acquire OIDC OP certificate for the following conformance profiles: 54 | - RP-Initiated OP 55 | - Session OP 56 | - Front-Channel OP 57 | - Back-Channel OP 58 | 59 | * Automated conformance test environment for OIDC 60 | It has been supported by the current FAPI-SIG's automated conformance test environment. 61 | 62 | * Automated conformance test environment for OIDC Logout profile certificate 63 | It has not yet been supported by the current FAPI-SIG's automated conformance test environment. 64 | 65 | * Automated conformance test environment against quarkus based keycloak 66 | It has been supported by the current FAPI-SIG's automated conformance test environment. 67 | 68 | * Next Web Meeting 69 | Wed 6 Apr 2022 12:00 - 13:00 UTC in 1 hour 70 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/33rd/presentations/FAPI-SIG_33rd_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/33rd/presentations/FAPI-SIG_33rd_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/34th/presentations/FAPI-SIG_34th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/34th/presentations/FAPI-SIG_34th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/35th/35th_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | FAPI-SIG(Special Interest Group) Community 35th Meeting 4 | 5 | Date : 6 | Wed 4 May 2022 7 | 8 | Time : 9 | 12:00 - 13:00 UTC in 1 hour 10 | 
8:00 - 9:00 EDT (UTC-4) 11 | 12:00 - 13:00 GMT (UTC+0) 12 | 13:00 - 14:00 CET (UTC+1) 13 | 14:00 - 15:00 EET (UTC+2) 14 | 16:30 - 17:30 IST (UTC+4:30) 15 | 20:00 - 21:00 JST (UTC+8) 16 | 21:00 - 22:00 AEST (UTC+9) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | Francis Pouatcha (Adorsys) 23 | 24 | PM : 25 | Vinod Anandan (Citi) 26 | 27 | Presenter : 28 | Takashi Norimatsu (Hitachi) 29 | 30 | Participants : 31 | Christophe Lannoy 32 | Guy Moyo (Adorsys) 33 | Marek Posolda (Red Hat) 34 | 35 | Presentation Materials : 36 | [1] FAPI-SIG Community 35th Meeting Agenda 37 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/35th/presentations/FAPI-SIG_35th_MTG_agenda.pdf 38 | 39 | Recording : 40 | TBD 41 | 42 | Summary : 43 | 44 | * Passed Conformance Tests per Keycloak version 45 | Listed up which version of keycloak could pass which types of conformance tests: 46 | https://github.com/keycloak/keycloak-oauth-sig#passed-conformance-tests-per-keycloak-version 47 | 48 | * OIDC OP for Logout Profiles conformance test support 49 | Automated: 50 | - RP-Initiated OP 51 | - Back-Channel OP 52 | Manual: 53 | - Session OP 54 | - Front-Channel OP 55 | 56 | * Keycloak's original features affected by deprecating client adapters 57 | At least, authorization services (not UMA compliant) would be supported. 58 | https://github.com/keycloak/keycloak/discussions/11681 59 | 60 | * Proposal : Extend FAPI-SIG’s scope 61 | Basically, FAPI-SIG works on FAPI and OIDC related security features. 62 | However, it can also works on other security features. 63 | README.md describing its scope will be updated. 
64 | 65 | * Next Web Meeting 66 | Wed 1 Jun 2022 12:00 - 13:00 UTC in 1 hour 67 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/35th/presentations/FAPI-SIG_35th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/35th/presentations/FAPI-SIG_35th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/36th/36th_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | FAPI-SIG(Special Interest Group) Community 36th Meeting 4 | 5 | Date : 6 | Wed 1 Jun 2022 7 | 8 | Time : 9 | 12:00 - 13:00 UTC in 1 hour 10 | 8:00 - 9:00 EDT (UTC-4) 11 | 12:00 - 13:00 GMT (UTC+0) 12 | 13:00 - 14:00 CET (UTC+1) 13 | 14:00 - 15:00 EET (UTC+2) 14 | 16:30 - 17:30 IST (UTC+4:30) 15 | 20:00 - 21:00 JST (UTC+8) 16 | 21:00 - 22:00 AEST (UTC+9) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | Francis Pouatcha (Adorsys) 23 | 24 | PM : 25 | Vinod Anandan (Citi) 26 | 27 | Presenter : 28 | Takashi Norimatsu (Hitachi) 29 | 30 | Participants : 31 | Christophe Lannoy 32 | Guy Moyo (Adorsys) 33 | Marek Posolda (Red Hat) 34 | 35 | Presentation Materials : 36 | [1] FAPI-SIG Community 36th Meeting Agenda 37 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/36th/presentations/FAPI-SIG_36th_MTG_agenda.pdf 38 | 39 | Recording : 40 | https://us06web.zoom.us/rec/share/RzemuDC9itHYcmNOeOXb0R0hFByFRgMDy27nhLDmYNVoelJqfiOnzYyfq_yfoT-u.r3S-1_8pRwyrutyg 41 | 42 | Summary : 43 | 44 | * OID-F Certification: Australia Consumer Data Right (CDR) 45 | Keycloak 15.0.2 got certified as FAPI OpenID Provider for Australia CDR. 
46 | https://openid.net/certification/#FAPI_OPs 47 | 48 | * OID-F Certification: OpenID Connect 49 | Keycloak 18.0.0 got re-certified as OpenID Provider. 50 | https://openid.net/certification/#OPs 51 | 52 | * OID-F Certification: OpenID Connect for Logout Profiles 53 | Keycloak 18.0.0 got certified as OpenID Provider for Logout Profiles. 54 | https://openid.net/certification/#OPs 55 | 56 | * OID-F Certification: Summary of Certifications Keycloak has achieved 57 | Keycloak has achieved 6 of 7 certifications: 58 | - OpenID Provider 59 | - OpenID Provider for Logout Profile 60 | - FAPI OpenID Provider for FAPI 1 Advanced Final 61 | - FAPI OpenID Provider for Australia CDR 62 | - FAPI OpenID Provider for Brazil Open Banking 63 | - FAPI-CIBA OpenID Provider 64 | Keycloak has not yet achieved 1 remaining certification: 65 | - FAPI OpenID Provider for UK Open Banking 66 | 67 | * Presentations about keycloak, FAPI, and FAPI-SIG 68 | Marek has FAPI presentation on DevConf mini in Brno, Czech Republic on 2 Jun. 69 | "Secure digital transformation via keycloak's FAPI" 70 | https://devconfczmini2022.sched.com/event/11l61/secure-digital-transformation-via-keycloaks-fapi 71 | Takashi has also keycloak and FAPI presentation on Open Identity Summit 2022 in Lyngby, Denmark on 7 Jul. 72 | "Flexible Method for Supporting OAuth 2.0 Based Security Profiles in Keycloak" 73 | https://oid2022.compute.dtu.dk/prog.html 74 | It might be good to gather these presentation materials and are stored in FAPI-SIG's repository as a knowledge base. 75 | 76 | * Next Web Meeting 77 | The July's meeting is skipped. The next meeting will be in August. 
78 | Wed 3 Aug 2022 12:00 - 13:00 UTC in 1 hour 79 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/36th/presentations/FAPI-SIG_36th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/36th/presentations/FAPI-SIG_36th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/37th/37th_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | FAPI-SIG(Special Interest Group) Community 37th Meeting 4 | 5 | Date : 6 | Wed 3 Aug 2022 7 | 8 | Time : 9 | 12:00 - 13:00 UTC in 1 hour 10 | 8:00 - 9:00 EDT (UTC-4) 11 | 12:00 - 13:00 GMT (UTC+0) 12 | 13:00 - 14:00 CET (UTC+1) 13 | 14:00 - 15:00 EET (UTC+2) 14 | 16:30 - 17:30 IST (UTC+4:30) 15 | 20:00 - 21:00 JST (UTC+8) 16 | 21:00 - 22:00 AEST (UTC+9) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | Francis Pouatcha (Adorsys) 23 | 24 | PM : 25 | Vinod Anandan (Citi) 26 | 27 | Presenter : 28 | Takashi Norimatsu (Hitachi) 29 | 30 | Participants : 31 | Christophe Lannoy 32 | Dmitry Telegin (Backbase) 33 | Guy Moyo (Adorsys) 34 | Kannan Rasappan (Banfico) 35 | 36 | Presentation Materials : 37 | [1] FAPI-SIG Community 37th Meeting Agenda 38 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/37th/presentations/FAPI-SIG_37th_MTG_agenda.pdf 39 | 40 | Recording : 41 | https://us06web.zoom.us/rec/share/J0lBERKe_oxYip13sr1i-UezEb3eau817qcTiVwM1xEWGr_73MAXoggQA1zkqLo.S2iQUsm7euPSurSb 42 | 43 | Summary : 44 | 45 | * PR for UK OpenBanking 46 | Issue: https://github.com/keycloak/keycloak/issues/12883 47 | PR: https://github.com/keycloak/keycloak/pull/13068 48 | It was confirmed that keycloak incorporating PR can pass conformance tests of UK OpenBanking (all 2 
conformance profiles). 49 | 50 | * PR for Open Banking Brazil FAPI 1.0 Implementer's Draft 3 (ID3) 51 | Issue: https://github.com/keycloak/keycloak/issues/12065 52 | PR: https://github.com/keycloak/keycloak/pull/12551 53 | ID2: On token refresh, an authorization server may return a refreshed refresh token. 54 | ID3: On token refresh, an authorization server does not return a refresh token. 55 | Keycloak currently does not pass the test that checks this point. 56 | It was confirmed that keycloak incorporating the PR can pass the conformance tests of Open Banking Brazil FAPI 1.0 ID3. 57 | 58 | * Next Web Meeting 59 | Wed 7 Sep 2022 12:00 - 13:00 UTC in 1 hour 60 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/37th/presentations/FAPI-SIG_37th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/37th/presentations/FAPI-SIG_37th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/38th/38th_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | FAPI-SIG(Special Interest Group) Community 38th Meeting 4 | 5 | Date : 6 | Wed 7 Sep 2022 7 | 8 | Time : 9 | 12:00 - 13:00 UTC in 1 hour 10 | 8:00 - 9:00 EDT (UTC-4) 11 | 12:00 - 13:00 GMT (UTC+0) 12 | 13:00 - 14:00 CET (UTC+1) 13 | 14:00 - 15:00 EET (UTC+2) 14 | 16:30 - 17:30 IST (UTC+4:30) 15 | 20:00 - 21:00 JST (UTC+8) 16 | 21:00 - 22:00 AEST (UTC+9) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | Francis Pouatcha (Adorsys) 23 | 24 | PM : 25 | Vinod Anandan (Citi) 26 | 27 | Presenter : 28 | Takashi Norimatsu (Hitachi) 29 | 30 | Participants : 31 | Dmitry Telegin (Backbase) 32 | Gilbert Fernandes 33 | Jonathan Meyler (Backbase) 34 | Kannan Rasappan (Banfico) 35 | Marek Posolda (Red 
Hat) 36 | 37 | Presentation Materials : 38 | [1] FAPI-SIG Community 38th Meeting Agenda 39 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/38th/presentations/FAPI-SIG_38th_MTG_agenda.pdf 40 | 41 | Recording : 42 | https://secure-web.cisco.com/1I8j04Nb6bnRij8HhyQXbTL3l5QdsVJ-MmChb7yg0IOGCpxmSmPyoXcya4IW7gS-B92JbK50yxqnN8rXeL8EEgt9WnwjyxhFEFQg7Td9tkCjvyydfF9om86bdwJMhxXjgraaaLFG6BeNQ51z339-DKXz_fHP1JEv0f112CCKe3ajquXsFIDQ3Ol57xvajfHtoERvG7MMkIiVsQWmubiFC7kwA7cWKJarLe6-JVYjJlwUL7qdvEkFPlTNuIf0ejiq9GnyLIAUmUUMnhW-ebvD9gVNuMzCkhkNYW7ELN67mzhNIsEpK94VNJH3qcy37ai8Ncx1-dQb8rljTi4oacgr_9A/https%3A%2F%2Fus06web.zoom.us%2Frec%2Fshare%2F-0D9d_wxSXvn9V5qdD1aNhREsLqFIaHuAnDyAAbvvF2AMsG-CGuwlV_sDcN0RfE._waw6dxImUSYPEWk 43 | 44 | Summary : 45 | 46 | * Extending scopes of FAPI-SIG 47 | In the 35th meeting, it was determined that FAPI-SIG's scope is extended to attract more contributors and have them get involved in FAPI-SIG. 48 | To determine how to extend FAPI-SIG's scope, there are several strategies: market driven (ex. Open Banking), standard driven, and both mixed. 49 | In the next meeting, the extended scope will be discussed and prioritization will also be discussed. 50 | 51 | * Rename FAPI-SIG 52 | We consider renaming FAPI-SIG to match the aim of extended FAPI-SIG's scope appropriately. 53 | We will ask for candidates for the new FAPI-SIG name on the keycloak-dev mailing list. 54 | In the next meeting, we will discuss the new FAPI-SIG's name. 
55 | 56 | * Next Web Meeting 57 | Wed 5 Oct 2022 12:00 - 13:00 UTC in 1 hour 58 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/38th/presentations/FAPI-SIG_38th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/38th/presentations/FAPI-SIG_38th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/39th/39th_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | FAPI-SIG(Special Interest Group) Community 39th Meeting 4 | 5 | Date : 6 | Wed 5 Oct 2022 7 | 8 | Time : 9 | 12:00 - 13:00 UTC in 1 hour 10 | 8:00 - 9:00 EDT (UTC-4) 11 | 12:00 - 13:00 GMT (UTC+0) 12 | 13:00 - 14:00 CET (UTC+1) 13 | 14:00 - 15:00 EET (UTC+2) 14 | 16:30 - 17:30 IST (UTC+4:30) 15 | 20:00 - 21:00 JST (UTC+8) 16 | 21:00 - 22:00 AEST (UTC+9) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | Francis Pouatcha (Adorsys) 23 | 24 | PM : 25 | Vinod Anandan (Citi) 26 | 27 | Presenter : 28 | Takashi Norimatsu (Hitachi) 29 | 30 | Participants : 31 | Daniel Fesenmeyer 32 | Dmitry Telegin (Backbase) 33 | Kannan Rasappan (Banfico) 34 | Marek Posolda (Red Hat) 35 | 36 | Presentation Materials : 37 | [1] FAPI-SIG Community 39th Meeting Agenda 38 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/39th/presentations/FAPI-SIG_39th_MTG_agenda.pdf 39 | 40 | Recording : 41 | https://us06web.zoom.us/rec/share/-os6gMyxbFO-65wwMYUaNLbm9KWxDUjVBAsZteMLII7gy9FVPkQc3ZXP2mD_Ezcb.DO1VuRoVuz1e7XaM 42 | 43 | Summary : 44 | 45 | * PR for UK OpenBanking​ 46 | Intent support before issuing tokens (UK OpenBanking)​ 47 | Issue: https://github.com/keycloak/keycloak/issues/12883​ 48 | PR: https://github.com/keycloak/keycloak/pull/13068​ 49 | The 
PR has been merged.​ It was confirmed that keycloak incorporating PR can pass conformance tests of UK OpenBanking (all 2 conformance profiles). 50 | - UK-OB Adv. OP w/ MTLS​ 51 | - UK-OB Adv. OP w/ Private Key​ 52 | 53 | * Extending scopes of FAPI-SIG 54 | It might be better that Stian, the project lead of keycloak, tells us the intention of extending scopes of FAPI-SIG. 55 | 56 | * Rename FAPI-SIG 57 | We continue gathering comments and discussions about it from keycloak's community. 58 | Eventually, we have a plan to list up candidates of new name of FAPI-SIG and take a vote. 59 | We agreed that we changes our activity from SIG (long-term) to WG (mid-term). 60 | 61 | * Next Web Meeting 62 | Wed 2 Nov 2022 12:00 - 13:00 UTC in 1 hour 63 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/39th/presentations/FAPI-SIG_39th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/39th/presentations/FAPI-SIG_39th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/3rd/3rd_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | Title : 2 | FAPI-SIG(Special Interest Group) Community 3rd Meeting 3 | 4 | Date : 5 | Wed 23 Sep 2020 6 | 7 | Time : 8 | 08:00 - 09:00 GMT in 1 hour 9 | 10 | Venue : 11 | Zoom (presented by Adorsys GmbH) 12 | 13 | Host : 14 | Francis Pouatcha (Adorsys GmbH) 15 | 16 | PM : 17 | Vinod Anandan (Independent) 18 | 19 | Presenter : 20 | Takashi Norimatsu (Hitachi) 21 | 22 | Presentation Materials : 23 | [1] FAPI-SIG Community 3rd Meeting Agenda 24 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/3rd/presentations/FAPI-SIG_3rd_MTG_agenda.pdf 25 | [2] FAPI-SIG Activities Update #4 in Japan 26 | 
https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/updates/FAPI_Update_No4_JPN.pdf 27 | 28 | Recording : 29 | https://zoom.us/rec/share/tyE3d1lXhHX60RZvUeBZMD3Ev1J2LLm9KcbW1h5s6vUm0xqcRChhRaYyEj7x_93b.g5iYH-rFG783TtAq 30 | 31 | Summary : 32 | 33 | * Governance 34 | FAPI-SIG needs its clear governance. 35 | Defining clear goals and projects to achieve them 36 | A few people manage and coordinate these projects 37 | Assigning contributors to them and watch their progresses 38 | Clarifying contributors of FAPI-SIG 39 | Taking notes about regular meetings 40 | 41 | * Ongoing works 42 | Banfico has made progresses on running the latest FAPI-RW conformance tests and tries to give feedback to making them onto CI/CD pipeline of keycloak. 43 | 44 | * Client Policies 45 | Security profile like FAPI-RW relies on Client Policies. 46 | However, Client Policies is still preview feature. Their UI is still missing. 47 | 48 | * New Admin REST API (clear JSON Documentation) 49 | New clear JSON Documentation will become introduced (e.g. User Profile). 50 | It affects Client Policies related works. 51 | 52 | * New Admin Console 53 | New Admin Console and its UIs will be introduced. 54 | It affects Client Policies related works. 
55 | 56 | * Next Web Meeting 57 | Wed 7 Oct 8:00 - 9:00 GMT in 1 hour 58 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/3rd/presentations/FAPI-SIG_3rd_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/3rd/presentations/FAPI-SIG_3rd_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/40th/40th_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | FAPI-SIG(Special Interest Group) Community 40th Meeting 4 | 5 | Date : 6 | Wed 7 Dec 2022 7 | 8 | Time : 9 | 12:00 - 13:00 UTC in 1 hour 10 | 8:00 - 9:00 EDT (UTC-4) 11 | 12:00 - 13:00 GMT (UTC+0) 12 | 13:00 - 14:00 CET (UTC+1) 13 | 14:00 - 15:00 EET (UTC+2) 14 | 17:30 - 18:30 IST (UTC+5:30) 15 | 21:00 - 22:00 JST (UTC+9) 16 | 22:00 - 23:00 AEST (UTC+10) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | Francis Pouatcha (Adorsys) 23 | 24 | PM : 25 | Vinod Anandan (Citi) 26 | 27 | Presenter : 28 | Takashi Norimatsu (Hitachi) 29 | 30 | Participants : 31 | Dmitry Telegin (Backbase) 32 | Gilbert Fernandes 33 | Justin Bingham (Janeiro Digital) 34 | Jamie Fiedler (Janeiro Digital) 35 | Kannan Rasappan (Banfico) 36 | Marek Posolda (Red Hat) 37 | Sebastian Schuster 38 | 39 | Presentation Materials : 40 | [1] FAPI-SIG Community 40th Meeting Agenda 41 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/40th/presentations/FAPI-SIG_40th_MTG_agenda.pdf 42 | 43 | Recording : 44 | https://us06web.zoom.us/rec/share/RfiVj4GlgG4fa2Ngqso6ednNVdKoKtBzmHPzXN1VL5HvkbxjiUM5JI-TMTDdNTxk.o2Uui380eJS0J2Lb 45 | 46 | Summary : 47 | 48 | * EdDSA Support 49 | Discussion: https://github.com/keycloak/keycloak/discussions/15713 50 | Issue: 
https://github.com/keycloak/keycloak/issues/15714 51 | 52 | * Keycloak Adopters Questionnaire 53 | keycloak-dev mailing list: https://groups.google.com/g/keycloak-dev/c/w6AeQiGy4r4 54 | Questionnaire form: https://forms.gle/hnucQ89MTjE5dzzf9 55 | Answering the questionnaire is important for keycloak's application to CNCF incubation project. 56 | 57 | * Keycloak support for Solid-OIDC 58 | Dmitry and Janeiro Digital explained Solid-OIDC and its support to keycloak. 59 | It might be preferable to support it as one of profiles by client policies. 60 | 61 | * Next Web Meeting 62 | Wed 4 Jan 2023 12:00 - 13:00 UTC in 1 hour 63 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/40th/presentations/FAPI-SIG_40th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/40th/presentations/FAPI-SIG_40th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/41st/41st_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | FAPI-SIG(Special Interest Group) Community 41st Meeting 4 | 5 | Date : 6 | Wed 4 Jan 2023 7 | 8 | Time : 9 | 12:00 - 13:00 UTC in 1 hour 10 | 8:00 - 9:00 EDT (UTC-4) 11 | 12:00 - 13:00 GMT (UTC+0) 12 | 13:00 - 14:00 CET (UTC+1) 13 | 14:00 - 15:00 EET (UTC+2) 14 | 17:30 - 18:30 IST (UTC+5:30) 15 | 21:00 - 22:00 JST (UTC+9) 16 | 22:00 - 23:00 AEST (UTC+10) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | Francis Pouatcha (Adorsys) 23 | 24 | PM : 25 | Vinod Anandan (Citi) 26 | 27 | Presenter : 28 | Dmitry Telegin (Backbase) 29 | Takashi Norimatsu (Hitachi) 30 | 31 | Participants : 32 | Gilbert Fernandes 33 | Kannan Rasappan (Banfico) 34 | Marek Posolda (Red Hat) 35 | Sebastian Schuster 36 | Thomas Darimont 
(codecentric AG) 37 | 38 | Presentation Materials : 39 | [1] FAPI-SIG Community 41st Meeting Agenda 40 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/41st/presentations/FAPI-SIG_41st_MTG_agenda.pdf 41 | 42 | Recording : 43 | https://us06web.zoom.us/rec/share/8Mni6-tGEfowCt1Nj8eOUSIeds97efRU5s1mmPJg7388P_QBiEa1xgfafMmmkOAo.4NS2b_1fLX0cVcEX 44 | 45 | Summary : 46 | 47 | * EdDSA Support 48 | Discussion: https://github.com/keycloak/keycloak/discussions/15713 49 | Issue: https://github.com/keycloak/keycloak/issues/15714 50 | An ideal solution: 51 | - Use the EdDSA types defined by the JDK standard API (EdECPoint, EdECKey, EdECPublicKey, EdECPrivateKey, EdECPublicKeySpec, EdECPrivateKeySpec). 52 | - Use the concrete classes that BouncyCastle defines for these interfaces. 53 | Wait until Keycloak drops JDK11 and supports JDK17, then apply the ideal solution (the EdEC types above were added to the JDK in version 15, so they are not available on JDK11). 54 | Keycloak 22 (might be released in this spring) will drop JDK11 support and support JDK17. 55 | https://www.keycloak.org/2022/11/keycloak-2000-released.html 56 | 57 | * Enlarging FAPI-SIG's scope and renaming FAPI-SIG 58 | WG is appropriate instead of SIG. 59 | New name candidates: 60 | Security WG, IAM Security WG, API Security WG, Secure Digital Identity WG, 61 | OIDC WG, OpenID WG, OAuth WG, Identity standards WG, 62 | Keycloak Governance WG, Keycloak Alignment WG, Keycloak Community WG, Keycloak Authorization WG, Keycloak Identity WG 63 | This discussion continues in the next FAPI-SIG meeting. 64 | 65 | * KeyConf'23 66 | Sponsors are welcomed. 67 | Venue: If considering small number of participants (about 20-30 people), a venue could be used in Cardiff, London, Manchester in UK. 68 | Date: It might be preferable to hold the meeting after some other community meeting about identity, security, etc. 69 | The participants can attend not only KeyConf'23 but this community meeting. 70 | Topic: 71 | This discussion continues in the next FAPI-SIG meeting. 
72 | 73 | * Next Web Meeting 74 | Wed 1 Feb 2023 12:00 - 13:00 UTC in 1 hour 75 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/41st/presentations/FAPI-SIG_41st_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/41st/presentations/FAPI-SIG_41st_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/42nd/42nd_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | FAPI-SIG(Special Interest Group) Community 42nd Meeting 4 | 5 | Date : 6 | Wed 1 Feb 2023 7 | 8 | Time : 9 | 12:00 - 13:00 UTC in 1 hour 10 | 8:00 - 9:00 EDT (UTC-4) 11 | 12:00 - 13:00 GMT (UTC+0) 12 | 13:00 - 14:00 CET (UTC+1) 13 | 14:00 - 15:00 EET (UTC+2) 14 | 17:30 - 18:30 IST (UTC+5:30) 15 | 21:00 - 22:00 JST (UTC+9) 16 | 22:00 - 23:00 AEST (UTC+10) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | Francis Pouatcha (Adorsys) 23 | 24 | PM : 25 | Vinod Anandan (Citi) 26 | 27 | Presenter : 28 | Dmitry Telegin (Backbase) 29 | Takashi Norimatsu (Hitachi) 30 | 31 | Participants : 32 | Arnaud Bourhis (ANS) 33 | Bertrand Carlier 34 | elf Pavlik 35 | Justin Bingham 36 | Kannan Rasappan (Banfico) 37 | 38 | Presentation Materials : 39 | [1] FAPI-SIG Community 42nd Meeting Agenda 40 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/42nd/presentations/FAPI-SIG_42nd_MTG_agenda.pdf 41 | 42 | Recording : 43 | https://us06web.zoom.us/rec/share/fB2JnnxV8yueg8QqvJYYSnpTrig9AIVCfUItN84IG4b6gSpT3dm6DOpyBFBVmw7p.s8b4fuJE4ZNN09hi 44 | 45 | Summary : 46 | 47 | * Enlarging FAPI-SIG's scope and renaming FAPI-SIG 48 | Schedule: 49 | - Continue proposing new scope and new name on 42nd meeting (1 Feb). 
50 | - Vote new scope and new name on 43rd meeting (1 Mar) 51 | - Change scope and name from 44th meeting. 52 | Determined issues: 53 | - Change SIG to WG 54 | 55 | * KeyConf'23 56 | Current candidate: 57 | Scale of the conference: the same as Keyconf’ 19 (small size, ~50 participants?) 58 | Venue: London, UK 59 | Date: run along side a major identity event/conference in London 60 | Such major event/conference: 61 | [1] IDM Identity Management 62 | 15 June 2023 63 | Victoria Park Plaza Hotel, London 64 | https://whitehallmedia.co.uk/idmjun2023/ 65 | [2] Gartner Identity & Access Management Summit 2023 66 | 6 - 7 July 2023 67 | Intercontinental London - The O2 | London, United Kingdom 68 | https://www.gartner.com/en/conferences/na/identity-access-management-us/agenda 69 | [3] OAuth Security Workshop 2023 70 | 22 - 24 August 2023 71 | Royal Holloway, Egham Hill, London, England, United Kingdom 72 | https://oauth.secworkshop.events/ 73 | 74 | * Next Web Meeting 75 | Wed 1 Mar 2023 12:00 - 13:00 UTC in 1 hour 76 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/42nd/presentations/FAPI-SIG_42nd_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/42nd/presentations/FAPI-SIG_42nd_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/43rd/43rd_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | FAPI-SIG(Special Interest Group) Community 43rd Meeting 4 | 5 | Date : 6 | Wed 1 Mar 2023 7 | 8 | Time : 9 | 12:00 - 13:00 UTC in 1 hour 10 | 8:00 - 9:00 EDT (UTC-4) 11 | 12:00 - 13:00 GMT (UTC+0) 12 | 13:00 - 14:00 CET (UTC+1) 13 | 14:00 - 15:00 EET (UTC+2) 14 | 17:30 - 18:30 IST (UTC+5:30) 15 | 21:00 - 22:00 JST (UTC+9) 16 | 22:00 - 23:00 AEST 
(UTC+10) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | Francis Pouatcha (Adorsys) 23 | 24 | PM : 25 | Vinod Anandan (Citi) 26 | 27 | Presenter : 28 | Takashi Norimatsu (Hitachi) 29 | 30 | Participants : 31 | Arnaud Bourhis (ANS) 32 | Dmitry Telegin (Backbase) 33 | Gilbert Fernandes 34 | Kannan Rasappan (Banfico) 35 | Marek Posolda (Red Hat) 36 | Sebastian Schuster 37 | Thomas Darimont (codecentric AG) 38 | 39 | Presentation Materials : 40 | [1] FAPI-SIG Community 43rd Meeting Agenda 41 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/43rd/presentations/FAPI-SIG_43rd_MTG_agenda.pdf 42 | 43 | Recording : 44 | https://us06web.zoom.us/rec/share/PLMcoFJpHOkF2DrS1TCJoAmRQtaTzu4KRwxT6xX_fROUKxAlzS6C9P6NZzN4UV4.sJ9g2Bx7fJfiNatd 45 | 46 | Summary : 47 | 48 | * Enlarging FAPI-SIG's scope and renaming FAPI-SIG 49 | In the meeting, it is determined that Digital Identity WG is the best name. 50 | Marek asks keycloak maintainers for comments on the name. 51 | 52 | * KeyConf'23 53 | Venue: Level39, 1 Canada Square, Canary Wharf, London, UK 54 | - Banfico takes over coordination of the conference by sharing the meeting material [1] with Human Management team. 55 | - It seems that there is no restriction by Red Hat to the meeting because keycloak is a community project. 56 | - It is expected that the number of participants is at most 50. 57 | - Hybrid (In person + online) style is also an option. 58 | - The budget is estimated first. Once the budget is estimated, we can request sponsorship from companies. 59 | - To discuss the conference, Discord is used as the communication channel. 
60 | 61 | * Next Web Meeting 62 | Wed 5 Apr 2023 12:00 - 13:00 UTC in 1 hour 63 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/43rd/presentations/FAPI-SIG_43rd_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/43rd/presentations/FAPI-SIG_43rd_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/44th/44th_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | FAPI-SIG(Special Interest Group) Community 44th Meeting 4 | 5 | Date : 6 | Wed 12 Apr 2023 7 | 8 | Time (summer time) : 9 | 12:00 - 13:00 UTC in 1 hour 10 | 8:00 - 9:00 EDT (UTC-4) 11 | 12:00 - 13:00 GMT (UTC+0) 12 | 13:00 - 14:00 CET (UTC+1) 13 | 14:00 - 15:00 EET (UTC+2) 14 | 16:30 - 17:30 IST (UTC+4:30) 15 | 20:00 - 21:00 JST (UTC+8) 16 | 21:00 - 22:00 AEST (UTC+9) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | Francis Pouatcha (Adorsys) 23 | 24 | PM : 25 | Vinod Anandan (Citi) 26 | 27 | Presenter : 28 | Takashi Norimatsu (Hitachi) 29 | 30 | Participants : 31 | Arnaud Bourhis (ANS) 32 | Kannan Rasappan (Banfico) 33 | Marek Posolda (Red Hat) 34 | 35 | Presentation Materials : 36 | [1] FAPI-SIG Community 44th Meeting Agenda 37 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/44th/presentations/FAPI-SIG_44th_MTG_agenda.pdf 38 | 39 | Recording : 40 | https://us06web.zoom.us/rec/share/xa7fkarHgKueHjwy38R_0BM8nmElB7UZFvZVXt8by8cr-h-ckArbDH1oZvMeZhd0.KGoOg0nrDEekMdes?startTime=1681297818000 41 | 42 | Summary : 43 | 44 | * Keycloak joins CNCF as an incubating project 45 | CNCF announced that Keycloak joins CNCF as an incubating project 46 | https://www.cncf.io/blog/2023/04/11/keycloak-joins-cncf-as-an-incubating-project/ 
47 | 48 | Red Hat and Hitachi have a talk jointly about keycloak in Maintainer Track in KubeCon/CloudNativeCon Europe 2023 (Apr 18-21, Amsterdam, The Netherlands) 49 | https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/ 50 | https://kccnceu2023.sched.com/event/1LQDS?iframe=no 51 | 52 | * KeyConf'23 53 | It is determined that KeyConf'23 will be held as follows: 54 | Date: Fri 16 June, 2023 55 | Venue: Level39, 1 Canada Square, Canary Wharf, London, UK 56 | Sandbox 2 (48 people cabaret style, 60 theatre) 57 | Banfico bears the venue costs. 58 | Eventbrite is used as its event management system. 59 | (https://www.eventbrite.com/) 60 | From RH, Marek will attend the conference. 61 | From Hitachi, Takashi will attend the conference. 62 | 63 | * Enlarging FAPI-SIG's scope and renaming FAPI-SIG 64 | Considering the feedback from Keycloak maintainers, we re-consider the following candidates: 65 | - Identity Standard SIG 66 | - OAuth SIG 67 | Marek will ask Keycloak maintainers for comments on them. 
68 | 69 | * Next Web Meeting 70 | Wed 3 May 2023 12:00 - 13:00 UTC in 1 hour 71 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/44th/presentations/FAPI-SIG_44th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/44th/presentations/FAPI-SIG_44th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/45th/45th_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | FAPI-SIG(Special Interest Group) Community 45th Meeting 4 | 5 | Date : 6 | Wed 3 May 2023 7 | 8 | Time (summer time) : 9 | 12:00 - 13:00 UTC in 1 hour 10 | 8:00 - 9:00 EDT (UTC-4) 11 | 12:00 - 13:00 GMT (UTC+0) 12 | 13:00 - 14:00 CET (UTC+1) 13 | 14:00 - 15:00 EET (UTC+2) 14 | 16:30 - 17:30 IST (UTC+4:30) 15 | 20:00 - 21:00 JST (UTC+8) 16 | 21:00 - 22:00 AEST (UTC+9) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | Francis Pouatcha (Adorsys) 23 | 24 | PM : 25 | Vinod Anandan (Citi) 26 | 27 | Presenter : 28 | Takashi Norimatsu (Hitachi) 29 | 30 | Participants : 31 | Arnaud Bourhis (ANS) 32 | Dmitry Telegin (Backbase) 33 | Hryhorii Hevorkian (Adorsys) 34 | Julien P (ANS) 35 | Kannan Rasappan (Banfico) 36 | Sebastian Schuster (Bosch Software Innovations) 37 | Thomas Darimont (codecentric AG) 38 | Marek Posolda (Red Hat) 39 | 40 | Presentation Materials : 41 | [1] FAPI-SIG Community 45th Meeting Agenda 42 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/45th/presentations/FAPI-SIG_45th_MTG_agenda.pdf 43 | 44 | Recording : 45 | TBD 46 | 47 | Summary : 48 | 49 | * Keycloak use case presentation by ANS, France. 
50 | 51 | * KeyConf 23 52 | Date and Time: 10 AM - 4 PM, June 16, 2023 53 | Venue: Level39, 1 Canada Square, Canary Wharf, London, UK 54 | Web page: https://www.eventbrite.co.uk/e/keyconf-23-tickets-621079815447 55 | Marek will post the announcement of Keyconf 23 to keycloak-user and keycloak-dev mailing list, and keycloak's official site's blog. 56 | 57 | * Enlarging FAPI-SIG's scope and renaming FAPI-SIG 58 | OAuth SIG is adopted as the successor of FAPI-SIG. 59 | From the next meeting, OAuth SIG instead of FAPI-SIG. 60 | 61 | * Next Web Meeting 62 | Wed 7 June 2023 12:00 - 13:00 UTC in 1 hour 63 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/45th/presentations/FAPI-SIG_45th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/45th/presentations/FAPI-SIG_45th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/4th/4th_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | Title : 2 | FAPI-SIG(Special Interest Group) Community 4th Meeting 3 | 4 | Date : 5 | Wed 7 Oct 2020 6 | 7 | Time : 8 | 08:00 - 09:00 GMT in 1 hour 9 | 10 | Venue : 11 | Zoom (presented by Adorsys GmbH) 12 | 13 | Host : 14 | Francis Pouatcha (Adorsys GmbH) 15 | 16 | PM : 17 | Vinod Anandan (Independent) 18 | 19 | Presenter : 20 | Takashi Norimatsu (Hitachi) 21 | 22 | Presentation Materials : 23 | [1] FAPI-SIG Community 4th Meeting Agenda 24 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/meetings/4th/presentations/FAPI-SIG_4th_MTG_agenda.pdf 25 | [2] CIBA Prototype Implementation Practical Guide 26 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/documents/FAPI-CIBA/CIBA_PrototypeImplPracticalGuide.pdf 27 | 28 | [3] FAPI-CIBA 
Contribution Guide 29 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/FAPI-SIG/documents/FAPI-CIBA/FAPI-CIBA_ContributionGuide.pdf 30 | 31 | Recording : 32 | https://zoom.us/rec/play/bzOjuI1h-4pjPXkX71Snoq1FM44S836S-PnZ7DDd8bip6mNxCcY3T8Or2TuIuEmoobvnroTNqajyzrtr.aChNRjeHzRN6Ro5i?continueMode=true&_x_zm_rtaid=DdA5aV8dRdasmB9cAJvwYA.1602553613512.e4af3969e7924a5b475cf5e114ce444e&_x_zm_rhtaid=86 33 | 34 | Summary : 35 | 36 | * FAPI-SIG members 37 | found in https://github.com/keycloak/keycloak-oauth-sig/blob/master/members.adoc 38 | 39 | * FAPI-SIG repository 40 | It has been transferred from jsoss-sig/keycloak-fapi to keycloak/kc-sig-fapi. 41 | 42 | * FAPI-RW project 43 | Remaining PRs have been merged. 44 | all conformance tests of both FAPI-RW OP w/MTLS & w/Private Key have been passed against the keycloak in the local environment. 45 | 46 | * FAPI-CIBA project 47 | Its major 1 task have been broken down into 13 separate subtasks. 48 | 49 | * New Client Policy Official Support project 50 | It has been proposed for Client Policies to be officially supported. 51 | Need official support for FAPI-RW security profile so that Client Policies' official support are needed at first. 52 | 53 | * keycloak next release 54 | Not assure but might be expected in Nov. 55 | 56 | * New Admin REST API (clear JSON Document) for Client Policies. 57 | Not yet determine whether it support or not for the first milestone of Client Policy Official Support. 58 | 59 | * New Admin Console for Client Policies 60 | Admin Console itself is still in development phase. 61 | Not yet determine whether it support or not for the first milestone of Client Policy Official Support. 62 | Keycloak dev team will bring some updated information on the next web meeting. 63 | 64 | * Migration of Client Registration Policy to Client Policy 65 | There is the option that at this time we skip migration of Client Registration Policy to Client Policy. 
66 | 67 | * Next Web Meeting 68 | Wed 21 Oct 8:00 - 9:00 GMT in 1 hour 69 | -------------------------------------------------------------------------------- /FAPI-SIG/meetings/4th/presentations/FAPI-SIG_4th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/4th/presentations/FAPI-SIG_4th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/5th/presentations/FAPI-SIG_5th_MTG_agenda .pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/5th/presentations/FAPI-SIG_5th_MTG_agenda .pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/6th/presentations/FAPI-SIG_6th_MTG_agenda .pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/6th/presentations/FAPI-SIG_6th_MTG_agenda .pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/7th/presentations/FAPI-SIG_7th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/7th/presentations/FAPI-SIG_7th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/8th/presentations/FAPI-SIG_8th_MTG_agenda.pdf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/8th/presentations/FAPI-SIG_8th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/9th/presentations/FAPI-SIG_9th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/9th/presentations/FAPI-SIG_9th_MTG_agenda.pdf -------------------------------------------------------------------------------- /FAPI-SIG/meetings/FAPI-SIG_MTG_agenda_template.pptx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/meetings/FAPI-SIG_MTG_agenda_template.pptx -------------------------------------------------------------------------------- /FAPI-SIG/updates/FAPI_Update_No1_JPN.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/updates/FAPI_Update_No1_JPN.pdf -------------------------------------------------------------------------------- /FAPI-SIG/updates/FAPI_Update_No2_JPN.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/updates/FAPI_Update_No2_JPN.pdf -------------------------------------------------------------------------------- /FAPI-SIG/updates/FAPI_Update_No3_JPN.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/updates/FAPI_Update_No3_JPN.pdf 
-------------------------------------------------------------------------------- /FAPI-SIG/updates/FAPI_Update_No4_JPN.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/FAPI-SIG/updates/FAPI_Update_No4_JPN.pdf -------------------------------------------------------------------------------- /KeyConf/Keyconf 23/2023 Kannan - Francis - Keycloak - Open Banking.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/KeyConf/Keyconf 23/2023 Kannan - Francis - Keycloak - Open Banking.pdf -------------------------------------------------------------------------------- /KeyConf/Keyconf 23/2023 Marek Keyconf - Keycloak - future feature ideas.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/KeyConf/Keyconf 23/2023 Marek Keyconf - Keycloak - future feature ideas.pdf -------------------------------------------------------------------------------- /KeyConf/Keyconf 23/2023 Marek Keyconf - Keycloak - recently added features.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/KeyConf/Keyconf 23/2023 Marek Keyconf - Keycloak - recently added features.pdf -------------------------------------------------------------------------------- /KeyConf/Keyconf 23/Secure Access Management with EGI Check-in_ Latest Advancements and Future Direction.pptx.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/KeyConf/Keyconf 
23/Secure Access Management with EGI Check-in_ Latest Advancements and Future Direction.pptx.pdf -------------------------------------------------------------------------------- /OAuth-SIG/Breakouts/OID4VCs/10th/OAuth-SIG_OID4VC_10th_Breakout.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/Breakouts/OID4VCs/10th/OAuth-SIG_OID4VC_10th_Breakout.pdf -------------------------------------------------------------------------------- /OAuth-SIG/Breakouts/OID4VCs/11th/OAuth-SIG_OID4VC_11th_Breakout.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/Breakouts/OID4VCs/11th/OAuth-SIG_OID4VC_11th_Breakout.pdf -------------------------------------------------------------------------------- /OAuth-SIG/Breakouts/OID4VCs/12th/OAuth-SIG_OID4VC_12th_Breakout.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/Breakouts/OID4VCs/12th/OAuth-SIG_OID4VC_12th_Breakout.pdf -------------------------------------------------------------------------------- /OAuth-SIG/Breakouts/OID4VCs/13th/OAuth-SIG_OID4VC_13th_Breakout.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/Breakouts/OID4VCs/13th/OAuth-SIG_OID4VC_13th_Breakout.pdf -------------------------------------------------------------------------------- /OAuth-SIG/Breakouts/OID4VCs/14th/OAuth-SIG_OID4VC_14th_Breakout.pdf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/Breakouts/OID4VCs/14th/OAuth-SIG_OID4VC_14th_Breakout.pdf -------------------------------------------------------------------------------- /OAuth-SIG/Breakouts/OID4VCs/16th/OAuth-SIG_OID4VC_16th_Breakout.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/Breakouts/OID4VCs/16th/OAuth-SIG_OID4VC_16th_Breakout.pdf -------------------------------------------------------------------------------- /OAuth-SIG/Breakouts/OID4VCs/17th/OAuth-SIG_OID4VC_17th_Breakout.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/Breakouts/OID4VCs/17th/OAuth-SIG_OID4VC_17th_Breakout.pdf -------------------------------------------------------------------------------- /OAuth-SIG/Breakouts/OID4VCs/19th/OAuth-SIG_OID4VC_19th_Breakout.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/Breakouts/OID4VCs/19th/OAuth-SIG_OID4VC_19th_Breakout.pdf -------------------------------------------------------------------------------- /OAuth-SIG/Breakouts/OID4VCs/20th/OAuth-SIG_OID4VC_20th_Breakout3.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/Breakouts/OID4VCs/20th/OAuth-SIG_OID4VC_20th_Breakout3.pdf -------------------------------------------------------------------------------- /OAuth-SIG/Breakouts/OID4VCs/21st/OAuth-SIG_OID4VC_21st_Breakout.pdf: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/Breakouts/OID4VCs/21st/OAuth-SIG_OID4VC_21st_Breakout.pdf -------------------------------------------------------------------------------- /OAuth-SIG/Breakouts/OID4VCs/2nd/2nd_breakout_session_minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | OAuth SIG - OID4VCs 2nd Breakout Session 4 | 5 | Date : 6 | Fri 24 November 2023 7 | 8 | Time : 9 | 12:00 - 13:00 UTC in 1 hour 10 | 8:00 - 9:00 EDT (UTC-4) 11 | 12:00 - 13:00 GMT (UTC+0) 12 | 13:00 - 14:00 CET (UTC+1) 13 | 14:00 - 15:00 EET (UTC+2) 14 | 17:30 - 18:30 IST (UTC+5:30) 15 | 21:00 - 22:00 JST (UTC+9) 16 | 22:00 - 23:00 AEST (UTC+10) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | Francis Pouatcha (Adorsys) 23 | 24 | Participants : 25 | Chris Cox (Integral) 26 | Dmitry Telegin (Backbase) 27 | Marek Posolda (Red Hat) 28 | Paul Templeman 29 | Pritish Joshi (Banfico) 30 | Stefan Wiedemann (FIWARE) 31 | Takashi Norimatsu (Hitachi) 32 | Thomas Diesler (Red Hat) 33 | 34 | Recording : 35 | https://us06web.zoom.us/rec/share/r0JyBWW5QgAktAeQhxbt8Fzo7uDdSCqOqKBGjaDgHBFLXsPfWZjiMrnnd4ZI0AbI.Byc2bXcZpO5z_wvj 36 | Summary : 37 | 38 | * SD-JWT support 39 | Walt.it might have an SD JWT lib. Need to clarify whether walt.it supports SD-JWT (by FIWARE's side?). 40 | 41 | * OID4VCI Keycloak integration 42 | Stefan updated keycloak integration with FIWARE/keycloak-vc-issuer . 43 | https://github.com/wistefan/keycloak/tree/add-vci 44 | Hitachi evaluated FIWARE/keycloak-vc-issuer and tries to modify it to support a VC issurance by Authorization Code flow by the end of Dec. 45 | 46 | * SIOPv2 47 | Paul tries to implement a SIOPv2 with Keycloak. 
48 | 49 | * Working repository 50 | We use Stefan's forked repository for sharing our work: 51 | https://github.com/wistefan/keycloak 52 | It would be nice to directly push the work into the Keycloak upstream step by step. 53 | 54 | * OAuth 2.0 Grant Type SPI 55 | Dmitry tries to support each grant by a SPI provider instead of a single endpoint class. Hope for some preview in Feb. 24 56 | By doing so, use-case specific tweaking customization on existing grant could become easy. 57 | 58 | * 1st stage of GAIN POC Credential Exchange Profile 59 | https://gist.github.com/javereec/48007399d9876d71f523145da307a7a3 60 | 61 | * Next Web Meeting (planned) 62 | Wed 13 December 2023 12:00 - 13:00 UTC in 1 hour 63 | -------------------------------------------------------------------------------- /OAuth-SIG/Breakouts/OID4VCs/3rd/3rd_breakout_session_minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | OAuth SIG - OID4VCs 3rd Breakout Session 4 | 5 | Date : 6 | Wed 13 November 2023 7 | 8 | Time : 9 | 12:00 - 13:00 UTC in 1 hour 10 | 8:00 - 9:00 EDT (UTC-4) 11 | 12:00 - 13:00 GMT (UTC+0) 12 | 13:00 - 14:00 CET (UTC+1) 13 | 14:00 - 15:00 EET (UTC+2) 14 | 17:30 - 18:30 IST (UTC+5:30) 15 | 21:00 - 22:00 JST (UTC+9) 16 | 22:00 - 23:00 AEST (UTC+10) 17 | 18 | Venue : 19 | Zoom (presented by Adorsys) 20 | 21 | Host : 22 | Francis Pouatcha (Adorsys) 23 | 24 | Participants : 25 | Chris Cox (Integral) 26 | Dmitry Telegin (Backbase) 27 | Kevin (walt.id) 28 | Marek Posolda (Red Hat) 29 | Paul Templeman 30 | Phil Potisk (walt.id) 31 | Stefan Wiedemann (FIWARE) 32 | Takashi Norimatsu (Hitachi) 33 | 34 | Recording : 35 | https://us06web.zoom.us/rec/share/RPmzMlybCzyaCWGob8z7KST6nj0_-aU6hTBtO3ikCRBVIHmrLg1qTUMiIPoLuxU.Opw9F0x0jdwcSCDZ 36 | 37 | Summary : 38 | 39 | * Discussion 40 | We discuss issues in [Keycloak's discussion tab](https://github.com/keycloak/keycloak/discussions). 41 | We add "area/oid4vc" label for the issues. 
42 | 43 | * Work in Hitachi 44 | The summary of the work is as follows: 45 | - Only modified FIWARE’s extension. (https://github.com/FIWARE/keycloak-vc-issuer) 46 | - Supported Authorization Code Flow for OID4VCI. 47 | - Used static scopes (ex. response_type=code&scope= types_packetdeliveryservice format_jwt_vc_json& ... ) 48 | - Authenticated a user registered in Keycloak and put their information onto a VC instead of using DID. 49 | - Defined and used several custom VC types. 50 | - Demonstrated issuing a VC by using VCWallet, Walt.id server, and Keycloak with customized keycloak-vc-issuer. 51 | We would like to contribute our work as follows: 52 | - clone and check out the branch https://github.com/wistefan/keycloak/tree/add-vci 53 | - port the code of our customized keycloak-vc-issuer to the branch. 54 | - push the PR. 55 | 56 | * Package naming 57 | We discussed how to name packages and continue discussing it. 58 | Discussion: https://github.com/keycloak/keycloak/discussions/25536 59 | 60 | * EdDSA 61 | Some Verifiable Credential (VC) data formats (vcdm, jwt-vc) require Edwards-curve Digital Signature Algorithm (EdDSA). 62 | Discussion: https://github.com/keycloak/keycloak/discussions/25536 63 | Supporting EdDSA is in progress. 64 | PR: https://github.com/keycloak/keycloak/pull/17215 65 | 66 | * OAuth 2.0 Grant Type SPI (Discussed in 5th OAuth SIG meeting) 67 | It is better to support each grant by a SPI provider instead of a single endpoint class. 68 | Dmitry is working on it. 
69 | Branch: https://github.com/CarrettiPro/keycloak/tree/feature/OAuth2.0-Grant-Type-SPI 70 | 71 | * Next Web Meeting 72 | Wed 20 December 2023 12:00 - 13:00 UTC in 1 hour 73 | -------------------------------------------------------------------------------- /OAuth-SIG/Breakouts/OID4VCs/3rd/OAuth-SIG_OID4VC_3rd_Breakout.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/Breakouts/OID4VCs/3rd/OAuth-SIG_OID4VC_3rd_Breakout.pdf -------------------------------------------------------------------------------- /OAuth-SIG/Breakouts/OID4VCs/4th/OAuth-SIG_OID4VC_4th_Breakout.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/Breakouts/OID4VCs/4th/OAuth-SIG_OID4VC_4th_Breakout.pdf -------------------------------------------------------------------------------- /OAuth-SIG/Breakouts/OID4VCs/5th/OAuth-SIG_OID4VC_5th_Breakout.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/Breakouts/OID4VCs/5th/OAuth-SIG_OID4VC_5th_Breakout.pdf -------------------------------------------------------------------------------- /OAuth-SIG/Breakouts/OID4VCs/6th/OAuth-SIG_OID4VC_6th_Breakout.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/Breakouts/OID4VCs/6th/OAuth-SIG_OID4VC_6th_Breakout.pdf -------------------------------------------------------------------------------- /OAuth-SIG/Breakouts/OID4VCs/7th/OAuth-SIG_OID4VC_7th_Breakout.pdf: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/Breakouts/OID4VCs/7th/OAuth-SIG_OID4VC_7th_Breakout.pdf -------------------------------------------------------------------------------- /OAuth-SIG/Breakouts/OID4VCs/8th/OAuth-SIG_OID4VC_8th_Breakout.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/Breakouts/OID4VCs/8th/OAuth-SIG_OID4VC_8th_Breakout.pdf -------------------------------------------------------------------------------- /OAuth-SIG/Breakouts/OID4VCs/9th/OAuth-SIG_OID4VC_9th_Breakout.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/Breakouts/OID4VCs/9th/OAuth-SIG_OID4VC_9th_Breakout.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/10th/presentations/OAuth-SIG_10th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/10th/presentations/OAuth-SIG_10th_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/11th/11th_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | Title : 2 | OAuth SIG(Special Interest Group) Community 11th Meeting 3 | (56th Ex FAPI-SIG) 4 | 5 | Date : 6 | May 2 April 2024 7 | 8 | Time : 9 | 12:00 - 13:00 UTC in 1 hour 10 | 8:00 - 9:00 EDT (UTC-4) 11 | 12:00 - 13:00 GMT (UTC+0) 12 | 13:00 - 14:00 CET (UTC+1) 13 | 13:00 - 14:00 WAT (UTC+1) 14 | 14:00 - 15:00 EET (UTC+2) 15 | 
17:30 - 18:30 IST (UTC+5:30) 16 | 21:00 - 22:00 JST (UTC+9) 17 | 22:00 - 23:00 AEST (UTC+10) 18 | 19 | Venue : 20 | Zoom (presented by Adorsys) 21 | 22 | Host : 23 | Francis Pouatcha (Adorsys) 24 | 25 | PM : 26 | Vinod Anandan (JPMorgan Chase & Co.) 27 | 28 | Tech Lead : 29 | Takashi Norimatsu (Hitachi) 30 | 31 | Participants : 32 | Dmitry Telegin (Backbase) 33 | Kannan Rasappan (Banfico) 34 | Maurice Quaedackers (Planon) 35 | Mostapha 36 | Paul Templeman (FIWARE) 37 | Sebastian Schuster (Bosch) 38 | Thomas Darimont (Identity Tailor GmbH) 39 | Timothy Stasse 40 | 41 | Presentation Materials : 42 | [1] OAuth SIG Community 11th Meeting Agenda 43 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/OAuth-SIG/meetings/11th/presentations/OAuth-SIG_11th_MTG_agenda.pdf 44 | 45 | Recording : 46 | https://us06web.zoom.us/rec/share/hDM6rOqMVPJL23CiHgI2OXikSHZrHX5dL_U3WNNlviDDcZkvZ0r0C757bLbZ1rb5.uY3_KmUU21LYORQQ 47 | 48 | Summary : 49 | 50 | * OID4VCI 51 | Epic issue: https://github.com/keycloak/keycloak/issues/25936 52 | 7 of 9 issues in total were resolved (1 issue was newly resolved). 53 | 54 | * Token Exchange 55 | Thomas is investigating the gap between Keycloak's token exchange implementation and the token exchange specification. 56 | https://docs.google.com/document/d/1plbyw5C1W8q6sYolETfoGqHKIrFWjzYio22o9i6yDOk/edit?usp=sharing 57 | 58 | * Keycloak as a Cloud Wallet 59 | There are positive comments on Keycloak as a cloud wallet and verifier. 60 | 61 | * Community event proposal: Keyconf 24 62 | Date and Time: 10 AM to 4 PM, September 19th Thursday 63 | Venue: ARCOTEL Kaiserwasser, Vienna/Austria 64 | Sponsor: Adorsys, Banfico, Hitachi (also welcome other sponsors) 65 | Program: TBD (how to gather talk proposals, who selects them, etc…) 66 | Budget: TBD, but about 6,000 - 10,000 EUR in total 67 | 68 | Sessionize can be used for planning the program. 
69 | https://sessionize.com/ 70 | 71 | FYI: co-located event​ 72 | Open Source Summit Europe 2024​ 73 | Web Site: https://events.linuxfoundation.org/open-source-summit-europe/​ 74 | Date: September 16th Monday - 18th Wednesday​ 75 | Venue: Austria Center Vienna, Vienna/Austria 76 | 77 | * Others 78 | Takashi was appointed as Tech Lead of OAuth SIG. 79 | 80 | * Next Web Meeting 81 | Wed 5 June 2024 12:00 - 13:00 UTC in 1 hour 82 | 83 | 84 | -------------------------------------------------------------------------------- /OAuth-SIG/meetings/11th/presentations/OAuth-SIG_11th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/11th/presentations/OAuth-SIG_11th_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/12th/presentations/OAuth-SIG_12th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/12th/presentations/OAuth-SIG_12th_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/13th/presentations/OAuth-SIG_13th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/13th/presentations/OAuth-SIG_13th_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/14th/presentations/OAuth-SIG_14th_MTG_agenda.pdf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/14th/presentations/OAuth-SIG_14th_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/15th/presentations/OAuth-SIG_15th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/15th/presentations/OAuth-SIG_15th_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/16th/presentations/OAuth-SIG_16th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/16th/presentations/OAuth-SIG_16th_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/17th/17th_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | Title : 2 | OAuth SIG(Special Interest Group) Community 17th Meeting 3 | (61st Ex FAPI-SIG) 4 | 5 | Date : 6 | Wed 6 November 2024 7 | 8 | Time : 9 | 12:00 - 13:00 UTC in 1 hour 10 | 8:00 - 9:00 EDT (UTC-4) 11 | 12:00 - 13:00 GMT (UTC+0) 12 | 13:00 - 14:00 CET (UTC+1) 13 | 13:00 - 14:00 WAT (UTC+1) 14 | 14:00 - 15:00 EET (UTC+2) 15 | 17:30 - 18:30 IST (UTC+5:30) 16 | 21:00 - 22:00 JST (UTC+9) 17 | 22:00 - 23:00 AEST (UTC+10) 18 | 19 | Venue : 20 | Zoom (presented by Adorsys) 21 | 22 | Host : 23 | Francis Pouatcha (Adorsys) 24 | 25 | PM : 26 | Vinod Anandan (JPMorgan Chase & Co.) 
27 | 28 | Tech Lead : 29 | Takashi Norimatsu (Hitachi) 30 | 31 | Participants : 32 | Costas Georgilakis (GRNET) 33 | Dmitry Telegin (Backbase) 34 | Ingrid Kamga (Adorsys) 35 | Marek Posolda (Red Hat) 36 | Martin Besozzi 37 | mos 38 | Stefan Wiedemann 39 | Thomas Darimont (Identity Tailor) 40 | Welton Rodrigo Torres Nasciment0 41 | 42 | Presentation Materials : 43 | [1] OAuth SIG Community 17th Meeting Agenda 44 | https://github.com/keycloak/keycloak-oauth-sig/blob/main/OAuth-SIG/meetings/17th/presentations/OAuth-SIG_17th_MTG_agenda.pdf 45 | 46 | Recording : 47 | https://us06web.zoom.us/rec/share/xAlGiy_zoHFsmVh-wMq9HHTQWOSgryp4bs2ZnO_HK9ci-Yv7BXLkoC5PFHGmbxmq._RhyObTn2AQT34SC 48 | 49 | Summary : 50 | 51 | * Token Exchange 52 | Updated: Improve Support for Token-Exchange (https://github.com/keycloak/keycloak/issues/31546) 53 | Keycloak 26.2.x might include its official support, but not sure. 54 | 55 | * SSF 56 | PoC work is in progress. 57 | 58 | * OpenID Federation 59 | Experimental work is in progress. 60 | - Prepared an intermediate authority and trust anchor. 61 | - Confirmed that a client can be registered to Keycloak explicitly by its trust chain. 62 | - Confirmed that removing clients that are not used by a batch does not work. 63 | 64 | * OAuth 2.0 for First-Party Applications (FiPA) 65 | https://drive.google.com/file/d/1_KQC9AjyTY4xSgSp2G9Lz7Fz85Ygyjw9/view 66 | 67 | * Meeting Tool 68 | Try to use HackMD from the next monthly meeting. 
69 | https://hackmd.io/@keycloak-oauth-sig 70 | 71 | * Next Web Meeting 72 | Wed 4 November 2024 12:00 - 13:00 UTC in 1 hour 73 | 74 | -------------------------------------------------------------------------------- /OAuth-SIG/meetings/17th/presentations/OAuth-SIG_17th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/17th/presentations/OAuth-SIG_17th_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/18th/18th_MTG_Minute.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/18th/18th_MTG_Minute.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/18th/presentations/OAuth-SIG_18th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/18th/presentations/OAuth-SIG_18th_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/19th/presentations/OAuth-SIG_19th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/19th/presentations/OAuth-SIG_19th_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/1st/1st_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | OAuth SIG(Special Interest Group) Community 1st Meeting 4 | (Ex FAPI-SIG) 
5 | 6 | Date : 7 | Wed 7 June 2023 8 | 9 | Time (summer time) : 10 | 12:00 - 13:00 UTC in 1 hour 11 | 8:00 - 9:00 EDT (UTC-4) 12 | 12:00 - 13:00 GMT (UTC+0) 13 | 13:00 - 14:00 CET (UTC+1) 14 | 14:00 - 15:00 EET (UTC+2) 15 | 16:30 - 17:30 IST (UTC+4:30) 16 | 20:00 - 21:00 JST (UTC+8) 17 | 21:00 - 22:00 AEST (UTC+9) 18 | 19 | Venue : 20 | Zoom (presented by Adorsys) 21 | 22 | Host : 23 | Francis Pouatcha (Adorsys) 24 | 25 | PM : 26 | Vinod Anandan (Citi) 27 | 28 | Presenter : 29 | Takashi Norimatsu (Hitachi) 30 | 31 | Participants : 32 | Dmitry Telegin (Backbase) 33 | Sebastian Schuster (Bosch Software Innovations) 34 | Marek Posolda (Red Hat) 35 | 36 | Presentation Materials : 37 | [1] OAuth SIG Community 1st Meeting Agenda 38 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/OAuth-SIG/meetings/1st/presentations/OAuth-SIG_1st_MTG_agenda.pdf 39 | 40 | Recording : 41 | TBD 42 | 43 | Summary : 44 | 45 | * KeyConf 23 46 | Date and Time: 10 AM - 4 PM, June 16, 2023 47 | Venue: Level39, 1 Canada Square, Canary Wharf, London, UK 48 | Web page: https://www.eventbrite.co.uk/e/keyconf-23-tickets-621079815447 49 | Tickets have been sold out. 50 | 51 | * PR of DPoP 52 | The main issue that needs to be resolved is how to handle DPoP on the UserInfo endpoint. 53 | It is preferable to split the work into multiple phases and send PRs per phase. 
54 | 55 | * Next Web Meeting 56 | Wed 5 July 2023 12:00 - 13:00 UTC in 1 hour 57 | -------------------------------------------------------------------------------- /OAuth-SIG/meetings/1st/presentations/OAuth-SIG_1st_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/1st/presentations/OAuth-SIG_1st_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/20th/20th_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | # SIG Meeting: 2025-02-12 20th Meeting (65th from Ex FAPI-SIG) 2 | [Meeting Slides](https://github.com/keycloak/keycloak-oauth-sig/blob/main/OAuth-SIG/meetings/20th/presentations/OAuth-SIG_20th_MTG_agenda.pdf) 3 | 4 | - Date: Wed 12 February 2025 5 | - Time: 6 | 12:00 - 13:00 UTC in 1 hour 7 | 8:00 - 9:00 EDT (UTC-4) 8 | 12:00 - 13:00 GMT (UTC+0) 9 | 13:00 - 14:00 CET (UTC+1) 10 | 13:00 - 14:00 WAT (UTC+1) 11 | 14:00 - 15:00 EET (UTC+2) 12 | 17:30 - 18:30 IST (UTC+5:30) 13 | 21:00 - 22:00 JST (UTC+9) 14 | 22:00 - 23:00 AEST (UTC+10) 15 | 16 | ## Agenda 17 | Agenda Items to discuss 18 | 19 | ## Attendees 20 | - Alan Cha 21 | - Assah Bismark 22 | - Costas Georgilakis 23 | - Dmitry Telegin 24 | - Kannan Rasappan 25 | - Maia Iyer 26 | - Nathalia Pinesi 27 | - Takashi Norimatsu 28 | - Rodrick Awambeng 29 | - Stefan Wiedemann 30 | - Victoire Motouom 31 | - Vinod Anandan 32 | 33 | ## Notes 34 | Notes by Topic 35 | 36 | ### General 37 | - Takashi presents current state of efforts 38 | - Next OAuth SIG meeting will be held on Wednesday 5th March 2025. 
39 | 40 | ### Transaction Token, SPIFFE for Workload Identity 41 | - In the first half of the meeting, Dmitry and the IBM team (Alan, Maia) gave a presentation on the progress of Transaction Token support in Keycloak, and the integration of Keycloak and SPIFFE for identifying workloads and authenticating them. 42 | - We will continue discussing the technical aspects in future breakout sessions. 43 | 44 | ### KeyConf 25 45 | - In the second half of the meeting, Nathalia presented an initial proposal for Keyconf 25. 46 | - Nathalia will prepare the survey form for Keyconf 25 to gather opinions widely from the community. 47 | (prepared: https://forms.office.com/Pages/ResponsePage.aspx?id=hFQsXiLlnUeRylFdbgziKBgok6UO9mxHnShifZvG4ehUMVVNS1lRQlpJNTFSM0tHRU5QS0RPSlI2Ry4u) 48 | 49 | ## Recordings 50 | https://us06web.zoom.us/rec/share/crV1UaXPe6T0tGYqK_cTn6NlqcttnB-5nqCjWMuM5MiHkNg2RMVCCtOqrlaVdHaH.SE4N0qFrw0tv8GU_ -------------------------------------------------------------------------------- /OAuth-SIG/meetings/20th/presentations/OAuth-SIG_20th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/20th/presentations/OAuth-SIG_20th_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/21st/21st_MTG_Minute.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/21st/21st_MTG_Minute.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/21st/presentations/OAuth-SIG_21st_MTG_agenda.pdf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/21st/presentations/OAuth-SIG_21st_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/22nd/22nd_MTG_Minute.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/22nd/22nd_MTG_Minute.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/22nd/presentations/OAuth-SIG_22nd_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/22nd/presentations/OAuth-SIG_22nd_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/23rd/23rd_MTG_Minute.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/23rd/23rd_MTG_Minute.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/23rd/presentations/OAuth-SIG_23rd_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/23rd/presentations/OAuth-SIG_23rd_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/24th/24th_MTG_Minute.pdf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/24th/24th_MTG_Minute.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/24th/presentations/OAuth-SIG_24th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/24th/presentations/OAuth-SIG_24th_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/25th/25th_MTG_Minute.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/25th/25th_MTG_Minute.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/25th/presentations/OAuth-SIG_25th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/25th/presentations/OAuth-SIG_25th_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/26th/26th_MTG_Minute.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/26th/26th_MTG_Minute.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/26th/presentations/OAuth-SIG_26th_MTG_agenda.pdf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/26th/presentations/OAuth-SIG_26th_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/27th/27th_MTG_Minute.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/27th/27th_MTG_Minute.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/27th/presentations/OAuth-SIG_27th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/27th/presentations/OAuth-SIG_27th_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/28th/presentations/OAuth-SIG_28th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/28th/presentations/OAuth-SIG_28th_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/2nd/presentations/OAuth-SIG_2nd_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/2nd/presentations/OAuth-SIG_2nd_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/3rd/presentations/OAuth-SIG_3rd_MTG_agenda.pdf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/3rd/presentations/OAuth-SIG_3rd_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/4th/presentations/OAuth-SIG_4th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/4th/presentations/OAuth-SIG_4th_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/5th/presentations/OAuth-SIG_5th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/5th/presentations/OAuth-SIG_5th_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/6th/6th_MTG_Minute.txt: -------------------------------------------------------------------------------- 1 | 2 | Title : 3 | OAuth SIG(Special Interest Group) Community 6th Meeting 4 | (51st Ex FAPI-SIG) 5 | 6 | Date : 7 | Wed 6 December 2023 8 | 9 | Time : 10 | 12:00 - 13:00 UTC in 1 hour 11 | 8:00 - 9:00 EDT (UTC-4) 12 | 12:00 - 13:00 GMT (UTC+0) 13 | 13:00 - 14:00 CET (UTC+1) 14 | 14:00 - 15:00 EET (UTC+2) 15 | 17:30 - 18:30 IST (UTC+5:30) 16 | 21:00 - 22:00 JST (UTC+9) 17 | 22:00 - 23:00 AEST (UTC+10) 18 | 19 | Venue : 20 | Zoom (presented by Adorsys) 21 | 22 | Host : 23 | Francis Pouatcha (Adorsys) 24 | 25 | Presenter : 26 | Dmitry Telegin (Backbase) 27 | Takashi Norimatsu (Hitachi) 28 | 29 | Participants : 30 | Costas Georgilakis (GRNET) 31 | Maaten van Hulsentop 32 | Marek Posolda (Red Hat) 33 | Maurice Quaedackers (Planon) 34 | Paul Templeman 35 | Phil Potisk (walt.id) 36 | Pritish Joshi (Banfico) 37 | 
Sebastian Schuster (Bosch) 38 | Stefan Wiedemann (FIWARE) 39 | Thomas Darimont (codecentric) 40 | Vinod Anandan (Citi) 41 | 42 | Presentation Materials : 43 | [1] OAuth SIG Community 6th Meeting Agenda 44 | https://github.com/keycloak/keycloak-oauth-sig/blob/master/OAuth-SIG/meetings/6th/presentations/OAuth-SIG_6th_MTG_agenda.pdf 45 | 46 | Recording : 47 | https://us06web.zoom.us/rec/share/fKEHIPyUFvD7hggf7zRzEiNrGLkND_X6R2q1gHnUpvFLYHP4JGLhTGaQUzQcFWth.-nyb6FcqL-dZORC1 48 | 49 | Summary : 50 | 51 | * Token Exchange 52 | To move its status from technology preview to officially supported, we arrange a breakout session with Pedro, the Keycloak maintainer. 53 | Spec: https://www.rfc-editor.org/rfc/rfc8693 54 | - What Keycloak already supports, and what it does not. 55 | - What we need to cover to move its status from technology preview to officially supported. 56 | 57 | * OID4VCs 58 | The 2nd breakout session minute is available in https://github.com/keycloak/keycloak-oauth-sig/blob/main/OAuth-SIG/Breakouts/OID4VCs/2nd/2nd_breakout_session_minute.txt 59 | The 3rd breakout session will be held on Wed 13 Dec. 60 | 61 | * CORS SPI 62 | Issue: https://github.com/keycloak/keycloak/issues/12682 63 | Proposal for using an SPI provider for customizing CORS headers. 64 | Need to reduce or even avoid a breaking change for the "Legacy" Cors API. 65 | 66 | * Community event announcement: Keycloak DevDay 2024 67 | Feb 22 2024, Frankfurt, Germany 68 | https://www.keycloak-day.dev/ 69 | A ticket is available. 70 | 71 | * Community event proposal: Keyconf 24 72 | We held Keyconf 23 in June in London, UK. How about the same meeting next year? 73 | We will discuss it in the next meeting: Day, Venue, Sponsor, Program, and so on. 
74 | 75 | * Next Web Meeting 76 | Wed 3 January 2024 12:00 - 13:00 UTC in 1 hour 77 | -------------------------------------------------------------------------------- /OAuth-SIG/meetings/6th/presentations/OAuth-SIG_6th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/6th/presentations/OAuth-SIG_6th_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/7th/presentations/OAuth-SIG_7th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/7th/presentations/OAuth-SIG_7th_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/8th/presentations/OAuth-SIG_8th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/8th/presentations/OAuth-SIG_8th_MTG_agenda.pdf -------------------------------------------------------------------------------- /OAuth-SIG/meetings/9th/presentations/OAuth-SIG_9th_MTG_agenda.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/OAuth-SIG/meetings/9th/presentations/OAuth-SIG_9th_MTG_agenda.pdf -------------------------------------------------------------------------------- /conformance-tests-env/.env: -------------------------------------------------------------------------------- 1 | # 2 | # Common Settings 3 | # 4 | 5 | # Workaround for docker desktop on windowns 6 | # 
https://github.com/keycloak/keycloak-oauth-sig/issues/810 7 | # if you run the test on Windows, set the following environment variable 8 | #COMPOSE_BAKE=false 9 | 10 | # Conformance-suite 11 | OPENID_GIT_URL=https://gitlab.com/openid/conformance-suite.git 12 | OPENID_GIT_TAG=release-v5.1.36 13 | 14 | # FQDN 15 | RESOURCE_FQDN=rs.keycloak-fapi.org 16 | CONSENT_FQDN=cs.keycloak-fapi.org 17 | CONFORMANCE_SUITE_FQDN=conformance-suite.keycloak-fapi.org 18 | 19 | # Test 20 | AUTOMATE_TESTS=true 21 | TEST_PLAN=--fapi1-advanced-all 22 | 23 | # 24 | # Test Target Specific Settings 25 | # 26 | # Keycloak 27 | # 28 | 29 | # Image version 30 | KEYCLOAK_BASE_IMAGE=quay.io/keycloak/keycloak:26.4.0 31 | 32 | # Realm (KEYCLOAK_USER/KEYCLOAK_PASSWORD below are well-known test defaults; override them before exposing this environment beyond a local test network) 33 | KEYCLOAK_REALM=test 34 | KEYCLOAK_USER=admin 35 | KEYCLOAK_PASSWORD=admin 36 | KEYCLOAK_REALM_IMPORT_FILENAME=realm-fapi1-advanced.json 37 | 38 | # FQDN 39 | KEYCLOAK_FQDN=as.keycloak-fapi.org 40 | AUTH_ENTITY_FQDN=aes.keycloak-fapi.org 41 | 42 | # Endpoint 43 | KEYCLOAK_FRONTEND_URL=https://${KEYCLOAK_FQDN}/auth 44 | KEYCLOAK_INTROSPECTION_ENDPOINT_FROM_API_GATEWAY=${KEYCLOAK_FRONTEND_URL}/realms/test/protocol/openid-connect/token/introspect 45 | 46 | # Custom SPI Providers 47 | # replace with a .jar file to be deployed 48 | KEYCLOAK_SPI_0=custom-spi.txt 49 | 50 | # Maven local repository 51 | MVN_HOME=~/.m2 52 | -------------------------------------------------------------------------------- /conformance-tests-env/common/api-gateway-nginx/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM openresty/openresty:1.25.3.2-0-alpine-fat 2 | 3 | RUN /usr/local/openresty/luajit/bin/luarocks install lua-resty-openidc \ 4 | && /usr/local/openresty/luajit/bin/luarocks install lua-resty-jit-uuid 5 | 6 | COPY *.template /usr/local/openresty/nginx/conf/ 7 | COPY *.lua /usr/local/openresty/ 8 | 9 | COPY entrypoint.sh /usr/local/sbin/ 10 | RUN chmod +x /usr/local/sbin/entrypoint.sh 11 | 12 | EXPOSE 443 13 | 14 | ENTRYPOINT 
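["/usr/local/sbin/entrypoint.sh"] 15 | CMD [] 16 | -------------------------------------------------------------------------------- /conformance-tests-env/common/api-gateway-nginx/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | CONF_DIR=/usr/local/openresty/nginx/conf 4 | envsubst '$SERVER_NAME $SERVER2_NAME' < $CONF_DIR/nginx.conf.template > $CONF_DIR/nginx.conf && cat $CONF_DIR/nginx.conf 5 | 6 | update-ca-certificates 7 | 8 | nginx -g 'daemon off;' 9 | -------------------------------------------------------------------------------- /conformance-tests-env/common/api-gateway-nginx/fapi-verify.lua: --------------------------------------------------------------------------------
-- Bearer-token and certificate-binding check for the API gateway.
--
-- Steps, in order:
--   1. Validate the access token, by introspection when
--      INTROSPECTION_ENDPOINT_URL is set, otherwise by local JWT verification
--      against DISCOVERY_URL.
--   2. Require a cnf["x5t#S256"] claim and compare it with the SHA-256
--      thumbprint of the client certificate presented on this TLS connection.
--   3. Make sure the request and the response carry x-fapi-interaction-id.
-- Any failure ends the request with 401 (or 500 for configuration and
-- conversion errors).

local openidc = require("resty.openidc")
local ssl = require("ngx.ssl")
local resty_sha256 = require("resty.sha256")
local b64 = require("ngx.base64")

-- NOTE(review): this maps lua-resty-openidc's DEBUG output to nginx INFO.
-- Confirm that tokens or introspection responses do not end up in shared logs.
openidc.set_logging(nil, { DEBUG = ngx.INFO })

-- Ends the request with 401, writing `reason` as the body when one is given.
local function reject(reason)
  ngx.status = ngx.HTTP_UNAUTHORIZED
  if reason then
    ngx.say(reason)
  end
  return ngx.exit(ngx.HTTP_UNAUTHORIZED)
end

local opts = {
  discovery = os.getenv("DISCOVERY_URL"),
  introspection_endpoint = os.getenv("INTROSPECTION_ENDPOINT_URL"),
  client_id = "resource-server",
  client_secret = os.getenv("CLIENT_SECRET"),
  ssl_verify = "yes",
}

local res, err
if opts.introspection_endpoint ~= nil then
  -- presumably controls caching of introspection results; confirm against
  -- the lua-resty-openidc documentation
  opts.introspection_interval = 0

  ngx.log(ngx.INFO, "Calling introspection endpoint on address: " .. opts.introspection_endpoint)

  -- call introspect for OAuth 2.0 Bearer Access Token validation
  res, err = openidc.introspect(opts)

elseif opts.discovery ~= nil then
  -- NOTE(review): FAPI 1.0 Advanced limits JWS algorithms to PS256/ES256;
  -- confirm that RS256 is what the access tokens under test are signed with.
  opts.token_signing_alg_values_expected = { "RS256" }
  opts.accept_none_alg = false
  opts.accept_unsupported_alg = false

  -- verify JWT for OAuth 2.0 Bearer Access Token validation
  res, err = openidc.bearer_jwt_verify(opts)

else
  ngx.status = 500
  ngx.log(ngx.ERR, "need to configure DISCOVERY_URL or INTROSPECTION_ENDPOINT_URL")
  return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
end

if err or not res then
  -- The library's error text is returned to the caller as-is; acceptable for
  -- a conformance-test gateway, too verbose for a production one.
  return reject(err or "no access_token provided")
end

if type(res.cnf) ~= "table" or res.cnf["x5t#S256"] == nil then
  return reject("no cnf.x5t#S256 provided in access_token")
end

-- FAPIRW-5.2.2-5 Handling holder of key bound for access token
-- https://openid.net/specs/openid-financial-api-part-2-ID2.html#rfc.section.5.2.2
-- https://tools.ietf.org/html/rfc8705

-- A request without a client certificate cannot satisfy the binding. Reject it
-- here with 401 instead of passing nil to cert_pem_to_der, which surfaces as a
-- 500 rather than an authorization failure.
local pem_client_cert = ngx.var.ssl_client_raw_cert
if pem_client_cert == nil or pem_client_cert == "" then
  return reject("no client certificate presented")
end

local der_client_cert, der_err = ssl.cert_pem_to_der(pem_client_cert)
if not der_client_cert then
  ngx.log(ngx.ERR, "failed to convert client certificate from PEM to DER: ", der_err)
  return ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
end

-- x5t#S256 is the base64url-encoded SHA-256 digest of the DER certificate.
local sha256 = resty_sha256:new()
sha256:update(der_client_cert)
local encoded = b64.encode_base64url(sha256:final())

if encoded ~= res.cnf["x5t#S256"] then
  ngx.log(ngx.ERR, "unmatch request client certificate and cnf.x5t#S256 in access_token: " .. encoded .. " != " .. res.cnf["x5t#S256"])
  return reject(nil)
end

-- FAPI-R-6.2.1-11 Handling x-fapi-interaction-id
-- https://openid.net/specs/openid-financial-api-part-1-ID2.html#rfc.section.6.2.1
-- Keep the id in a local so the response header always carries the same value
-- that was forwarded upstream, including when it was generated here.
local interaction_id = ngx.var.http_x_fapi_interaction_id
if interaction_id == nil then
  local uuid = require("resty.jit-uuid")
  interaction_id = uuid()
  ngx.req.set_header("x-fapi-interaction-id", interaction_id)
end
ngx.header["x-fapi-interaction-id"] = interaction_id
-------------------------------------------------------------------------------- /conformance-tests-env/common/https/.gitignore: -------------------------------------------------------------------------------- 1 | .bin 2 | #*.pem 3 | #*.csr 4 | 5 | -------------------------------------------------------------------------------- /conformance-tests-env/common/https/ca-config.json: -------------------------------------------------------------------------------- 1 | { 2 | "signing": { 3 | "default": { 4 | "expiry": "43800h" 5 | }, 6 | "profiles": { 7 | "server": { 8 | "expiry": "43800h", 9 | "usages": [ 10 | "signing", 11 | "key encipherment", 12 | "server auth" 13 | ] 14 | }, 15 | "client": { 16 | "expiry": "43800h", 17 | "usages": [ 18 | "signing", 19 | "key encipherment", 20 | "client auth" 21 | ] 22 | } 23 | } 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /conformance-tests-env/common/https/ca-csr.json: -------------------------------------------------------------------------------- 1 | { 2 | "CN": "Keycloak-fapi CA", 3 | "key": { 4 | "algo": "rsa", 5 | "size": 2048 6 | }, 7 | "names": [ 8 | { 9 | "C": "JP", 10 | "L": "", 11 | "O": "Secure OSS Sig", 12 | "OU": "Keycloak-fapi", 13 | "ST": "CA" 14 | } 15 | ] 16 | } 17 | -------------------------------------------------------------------------------- /conformance-tests-env/common/https/ca-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | 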
MIIEowIBAAKCAQEAtVplQ6V37UyuTTw9nSGMFlbFHTzRYmw2/ZBBcZBbAZ6fHq41 3 | IymxjEg8Lcglt1V8VIDchWApfenxWQQeh+uaHHiJEhJ7Vrx57x62a+Du3yhBXTkZ 4 | /AmSIXiqGY/PKNGz2B1YGYxNdul+q9tT23xIaNhjKtLUP/XaT+R6xXFPKb/2H3us 5 | c9AWC/Z2qEuwNjiJ7FMJTIilVLL1XFtt0Yo75z00LiZAAvRUaICuD7jnkbl8Vjgx 6 | JJ5dqBRzQW8M/yVn5Yo1RhMBXl+OdkfES8J5goFVl8XbuUFAUFE3mEWTcOAOClLW 7 | im172uI9grsyMBbFui7cvKIlmZ+YkEr6fqlBEwIDAQABAoIBAFBJgsdd/CgMaKY8 8 | 4zIrZe+F3qJBCJnAOuAq+y4hsIiZBuz4RwIYNUhbuniyQTBXIkHvArHxjqz14yl7 9 | j2CxR3sPSe+8SuptarYYLL65yEb3dWimHQDd49n5p6TFa/swS6SD6Tr2SF06ph/D 10 | a+6hqRTxp4WP7POcDliMWGYM8fUTDkDmjTCc/HOIKQucIW8O3KVR6/x/qDLHICg0 11 | GJUabBp4vPoGYf9yg6bj6zbBkvT7ps5wQQzF+A0qYO9xkJw7LX6BlqIXEm0ThZ3L 12 | p5kjrQVS7bO3lwe0SrKlVaHKBJEvf9SruvLk3pqqdejiSDD/xazuMXRc5hOr1P8V 13 | C5bNiKECgYEA1K/p7Rd51eiEZnGyNDU6cZhDQ5x03RBTT83PUJgmjHyV+DLW+oFD 14 | 0r8HVFaf+OWkdQF/eaAuLCgkFqoRTdeByA4pU1JTUMfJfDUVuV92yeRZFK653J8X 15 | ZvHEF6V0di8hlZP/SFzyny4SxPihDyAyc2R+XuILe3I7l7tg+poS9hkCgYEA2kjv 16 | BuPTjM8APMFl0swaWZWGk1sYGX2kmgESZfP+b4ulI6Pkzx3gIAdAi4QUc909h5GB 17 | QgjVBOEG6cihmPynXi5QX3nClEyhKjmPl8oMxjbfL/a/NZVp5ySieYxdDJHyjfRP 18 | ScqW9bzFcUZa2vtZ+8oR/GknGUCOOc3/B0nH3gsCgYEAsCRQU67RlDpRDJa0w1Ah 19 | 6tnzOxdkIYDXvovwWgroQgkcGsXgDO7pQKw8YbisG/Hz1YM8E3p5QtCrsql+Uz1b 20 | mldAGmVf4tLTJy6/oxpQwrt+mwZpnzGSrAsmH39DiG1YHwzGqyNvPC1oFgDjQiek 21 | ILTlg6cpYz8j43Gny2O2uGECgYAByrt7mP8xlrlvxj6pvlcxCRMzvnmyK9/gC8Y0 22 | 5A3gqIrQghXsxVgDq0uSWaE5WkWZCU7AVgY5pgdCgA0jjl9pXIP4ZK1+PirMh/Bv 23 | 1I7KScUHRcVIEVPvO9PBn69b3Q7ar3i/KFSY69XLGkLArXONp5kCM3LIuEjynIhN 24 | bQOhBQKBgAS/ZVVPa2oPQ3Xg1YwHKLv/k1C23bJwrUdNj+RFRGQIiDWoJ/51tpUu 25 | kFhLYp5ewvu7OPjShNp35vPcJCs7JrV4eAgD2Yr4wvkzf6rsFfPmFSAyBVp/tk7/ 26 | xN9aH0OG3p8WKu4yT0766BbAMBJCdrME1QQEXg/waPsUu2DDYNHn 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /conformance-tests-env/common/https/ca.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN 
CERTIFICATE----- 2 | MIIDwDCCAqigAwIBAgIUcylkg7zLYB7tp9rMa+3cTuBbr0EwDQYJKoZIhvcNAQEL 3 | BQAwZjELMAkGA1UEBhMCSlAxCzAJBgNVBAgTAkNBMRcwFQYDVQQKEw5TZWN1cmUg 4 | T1NTIFNpZzEWMBQGA1UECxMNS2V5Y2xvYWstZmFwaTEZMBcGA1UEAxMQS2V5Y2xv 5 | YWstZmFwaSBDQTAeFw0yMTA3MjgwODIyMDBaFw0yNjA3MjcwODIyMDBaMGYxCzAJ 6 | BgNVBAYTAkpQMQswCQYDVQQIEwJDQTEXMBUGA1UEChMOU2VjdXJlIE9TUyBTaWcx 7 | FjAUBgNVBAsTDUtleWNsb2FrLWZhcGkxGTAXBgNVBAMTEEtleWNsb2FrLWZhcGkg 8 | Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1WmVDpXftTK5NPD2d 9 | IYwWVsUdPNFibDb9kEFxkFsBnp8erjUjKbGMSDwtyCW3VXxUgNyFYCl96fFZBB6H 10 | 65oceIkSEntWvHnvHrZr4O7fKEFdORn8CZIheKoZj88o0bPYHVgZjE126X6r21Pb 11 | fEho2GMq0tQ/9dpP5HrFcU8pv/Yfe6xz0BYL9naoS7A2OInsUwlMiKVUsvVcW23R 12 | ijvnPTQuJkAC9FRogK4PuOeRuXxWODEknl2oFHNBbwz/JWflijVGEwFeX452R8RL 13 | wnmCgVWXxdu5QUBQUTeYRZNw4A4KUtaKbXva4j2CuzIwFsW6Lty8oiWZn5iQSvp+ 14 | qUETAgMBAAGjZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEC 15 | MB0GA1UdDgQWBBQ9M05riUFO2i/MeOo+J66KgURwfzAfBgNVHSMEGDAWgBQ9M05r 16 | iUFO2i/MeOo+J66KgURwfzANBgkqhkiG9w0BAQsFAAOCAQEAa8JoeWb1qSubZsk/ 17 | xYMSUht2yRNaJKmImasmzJCCf3H3Me6Ed5mLCd4iyichWPo8692rsslAuRj4h6/+ 18 | Z3QqwCW0g06quJetiz7Y/T/oOyDhasHi8Qx+CWrFlzzwLnLyKD72xgA4vyLSYXEV 19 | 0Q0MqzVzRlnGZ2Ym7kwTL1a7OjCt7VRDtOxYLSfoAP6Pdoxj53CzM7+HJu+aQB4P 20 | VIEyS3sqOGuyViY95kiJFEgk471gPc4WXaMKb0rW6AnDWeUHxbl+bfNFAjCGNNNJ 21 | p4GitWnAFNNmt2RVE3D3KMpLR9LD2tX/T3mOKcFRGNOgSf178x8+snOpEP6y93h/ 22 | AJ+U6w== 23 | -----END CERTIFICATE----- 24 | -------------------------------------------------------------------------------- /conformance-tests-env/common/https/client-ca-csr.json: -------------------------------------------------------------------------------- 1 | { 2 | "CN": "Keycloak-fapi Private CA", 3 | "key": { 4 | "algo": "ecdsa", 5 | "size": 256 6 | }, 7 | "names": [ 8 | { 9 | "C": "JP", 10 | "L": "", 11 | "O": "Secure OSS Sig", 12 | "OU": "Keycloak-fapi", 13 | "ST": "Private CA" 14 | } 15 | ] 16 | } 17 | 
-------------------------------------------------------------------------------- /conformance-tests-env/common/https/client-ca-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PRIVATE KEY----- 2 | MHcCAQEEIP1ScLa1HP0/jvXEW++7mcn8P7+xZ3EMVBAMWbEWX5w0oAoGCCqGSM49 3 | AwEHoUQDQgAEuQC07m8jsFDRFRvJ1qA940M/s8H6VwJun+X7+o4QpNVrSWrDfrZm 4 | XjuWo+CMp21W8nVyW85OnMWnco41IlbLug== 5 | -----END EC PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /conformance-tests-env/common/https/client-ca.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICUzCCAfqgAwIBAgIUNg8NuXKnUtN9C0UkBm9I2PUm5sswCgYIKoZIzj0EAwIw 3 | djELMAkGA1UEBhMCSlAxEzARBgNVBAgTClByaXZhdGUgQ0ExFzAVBgNVBAoTDlNl 4 | Y3VyZSBPU1MgU2lnMRYwFAYDVQQLEw1LZXljbG9hay1mYXBpMSEwHwYDVQQDExhL 5 | ZXljbG9hay1mYXBpIFByaXZhdGUgQ0EwHhcNMjQwNjA1MTAyNzAwWhcNMjkwNjA0 6 | MTAyNzAwWjB2MQswCQYDVQQGEwJKUDETMBEGA1UECBMKUHJpdmF0ZSBDQTEXMBUG 7 | A1UEChMOU2VjdXJlIE9TUyBTaWcxFjAUBgNVBAsTDUtleWNsb2FrLWZhcGkxITAf 8 | BgNVBAMTGEtleWNsb2FrLWZhcGkgUHJpdmF0ZSBDQTBZMBMGByqGSM49AgEGCCqG 9 | SM49AwEHA0IABLkAtO5vI7BQ0RUbydagPeNDP7PB+lcCbp/l+/qOEKTVa0lqw362 10 | Zl47lqPgjKdtVvJ1clvOTpzFp3KONSJWy7qjZjBkMA4GA1UdDwEB/wQEAwIBBjAS 11 | BgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBRZtMPo5MtW7lx9atG6OgKDKiPz 12 | GjAfBgNVHSMEGDAWgBRZtMPo5MtW7lx9atG6OgKDKiPzGjAKBggqhkjOPQQDAgNH 13 | ADBEAiBK4fzc7+ICPQbrHIPF5eCSDY9it1hHF9/GNW5Mi0LLsQIgcE+zJlYFS98K 14 | hJHDOlOd0JLeqJExAujVGd6u8XFc7z8= 15 | -----END CERTIFICATE----- 16 | -------------------------------------------------------------------------------- /conformance-tests-env/common/https/client1-csr.json: -------------------------------------------------------------------------------- 1 | { 2 | "CN": "client1", 3 | "hosts": [ 4 | "" 5 | ], 6 | "key": { 7 | "algo": "rsa", 8 | "size": 2048 9 | }, 10 | "names": [ 11 | { 12 | "C": "JP", 13 | "L": "", 
14 | "O": "Secure OSS Sig", 15 | "OU": "Keycloak-fapi", 16 | "ST": "Client" 17 | } 18 | ] 19 | } 20 | -------------------------------------------------------------------------------- /conformance-tests-env/common/https/client1-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpAIBAAKCAQEAv/pBV+UrJiMpRX+sE9cUPtLJzvSB2w4fpojBAoZ8LcvaMK3q 3 | KoLIyMWQylQnGYZ3Cn7HrVzHWKPoYJYDF+dcD/EZEZyNV+5T9BbteDjkEQpPGyEs 4 | 0pWe1xsZcIUBqH9sgTM4zX+5kuREmwDTV226k+H1grHg4F71Q4gN5KGofMLPKNBj 5 | KyOAPsCcSR9Uw5b/ytS3LZ+8NX56vT+gkS0tSigt7nxcpPee89HzmBOB05+YhYKK 6 | +hscIVdaOf174h4SyqvqQdA2PKIYLwiW/0TPvqmwLgKKv0UV/qiQTxHYsHCimweM 7 | 6uznUlaSeCOpek+XBKouIMkbvSJyrMe6ly6SkwIDAQABAoIBAQCfqhkyauzKGTA4 8 | FwkcryKtZU5mi0B82XBFZzNvUD5zMDnVhq9cj81B/d6ACCFEv2q+FdcoPiOlexzH 9 | R7xm4wrUT2bUGOoNGbBFL9RsypQUAAjuvVa0BbBHosgzpstMQj4R7nHtp67Flofg 10 | in07F423dJRmEF7A/PjrI3q6jiC9MS7kVsqsGxCS7T1a5vvcxw1abQL7JdgqB8/i 11 | LPZfQAeUj5Pnr2UWzhtRWEkD5PGKcp4+ZprcnExZ18ylcoY92rsHN5l4ZaMnpGnU 12 | d663IVYn0hmqsViPIUigsEd5pvu9+oyiBQLzRcungocC7ZagSYCS9ytmGcT0HsbF 13 | gUxu5KMxAoGBAOyY2tw3W1PtESDWnKzVnT28ycBFmpYrtpKHD54VKrNGYdt6r7Xs 14 | CKeAbmrJDy/aOIkIh/znvGWI2M+IW8SMvc54+KqPxY1thLdFUE8u73Soc6QqZ+Pc 15 | y/CC6qRFusK43aw5qlab+FrSdV04r2cr5tqsZA+WnNEa/a0YTckFLMPnAoGBAM+4 16 | py5SHL+n0wtmxFdCeZMBZcOzqp4di3q2T3TZS1QSYEdaTKlmCjnRcCEdB562V4el 17 | AnokfAj+lOyRYOJJu6Ru65jSFkDHo7xYQ67ucHDFVQw59ZWIXzPr1tUsUbwAWwfn 18 | 5iBuAa0xKWKJSxbtiKQp8lGKTvU1soiiRmbpnWZ1AoGBAJiHKoFRxrTiXmp3MOZT 19 | iF1mugIUXUZ2w+rO24ikSLTuqOOfwmtb0XB64bRCDmJhIpVlRJYMp24lvPB+Dfs2 20 | aJ8Vaeo7abZ1ZlvoeY+yyHjCqFqrY/KIQ4m4PKDOu0oReAcx3dicEI4so7EHfDzd 21 | FqTfAlryVAKSjfvrcSopBeT9AoGAJU1asGXMhdpkeuKslaL5ZB3XIYrNM/HIT3QX 22 | 1rsC3QkjwwyDQdRyN6nVwgyNhsHl/BT02exdXdwh8E23IUvuZ3wH0PzBREbVr4gG 23 | N47YIFg/ip+J651+wzsx7Dw2PVWvAz9wwxgeMvTmIqzXEDn91MU3n87/mOdYtVK2 24 | 49pGCtUCgYAMsLzGkmZDpP47HPv30iqie2VWoCA7iuUT1aqCyQqAmRDo5ZyOB2ZG 25 | 
5yxBjSdCZeQVVgfNHnCLMKJ/4r6EQnXYWAzR65HbrkC49FWZM35blUWLHriMk+1K 26 | n6PSgQKJDqb7OJC3lucHcl/cx1BIRujLptMn0yMPJzHBuJO0xCPfsQ== 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /conformance-tests-env/common/https/client1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDJzCCAs6gAwIBAgIUaf4/a2nN138PyceHEIXBIO1iPPYwCgYIKoZIzj0EAwIw 3 | djELMAkGA1UEBhMCSlAxEzARBgNVBAgTClByaXZhdGUgQ0ExFzAVBgNVBAoTDlNl 4 | Y3VyZSBPU1MgU2lnMRYwFAYDVQQLEw1LZXljbG9hay1mYXBpMSEwHwYDVQQDExhL 5 | ZXljbG9hay1mYXBpIFByaXZhdGUgQ0EwHhcNMjQwNjA1MTAyNzAwWhcNMjkwNjA0 6 | MTAyNzAwWjBhMQswCQYDVQQGEwJKUDEPMA0GA1UECBMGQ2xpZW50MRcwFQYDVQQK 7 | Ew5TZWN1cmUgT1NTIFNpZzEWMBQGA1UECxMNS2V5Y2xvYWstZmFwaTEQMA4GA1UE 8 | AxMHY2xpZW50MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/6QVfl 9 | KyYjKUV/rBPXFD7Syc70gdsOH6aIwQKGfC3L2jCt6iqCyMjFkMpUJxmGdwp+x61c 10 | x1ij6GCWAxfnXA/xGRGcjVfuU/QW7Xg45BEKTxshLNKVntcbGXCFAah/bIEzOM1/ 11 | uZLkRJsA01dtupPh9YKx4OBe9UOIDeShqHzCzyjQYysjgD7AnEkfVMOW/8rUty2f 12 | vDV+er0/oJEtLUooLe58XKT3nvPR85gTgdOfmIWCivobHCFXWjn9e+IeEsqr6kHQ 13 | NjyiGC8Ilv9Ez76psC4Cir9FFf6okE8R2LBwopsHjOrs51JWkngjqXpPlwSqLiDJ 14 | G70icqzHupcukpMCAwEAAaOBgzCBgDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAww 15 | CgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU5/IOtbKQOx6eAVj9 16 | fklxc64C3iMwHwYDVR0jBBgwFoAUWbTD6OTLVu5cfWrRujoCgyoj8xowCwYDVR0R 17 | BAQwAoIAMAoGCCqGSM49BAMCA0cAMEQCIFaWCQmVKKr330jTe2zLcA7CcE54FnLK 18 | uk9K6wGhiTK1AiBVU1ek9t/AiqAEe48on8jfbT+onWdsPPn0Lw3t1kmI7g== 19 | -----END CERTIFICATE----- 20 | -------------------------------------------------------------------------------- /conformance-tests-env/common/https/client2-csr.json: -------------------------------------------------------------------------------- 1 | { 2 | "CN": "client2", 3 | "hosts": [ 4 | "" 5 | ], 6 | "key": { 7 | "algo": "rsa", 8 | "size": 2048 9 | }, 10 | "names": [ 11 | { 12 | "C": "JP", 13 | 
"L": "", 14 | "O": "Secure OSS Sig", 15 | "OU": "Keycloak-fapi", 16 | "ST": "Client" 17 | } 18 | ] 19 | } 20 | -------------------------------------------------------------------------------- /conformance-tests-env/common/https/client2-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEogIBAAKCAQEAp3AH2+QkzVlgw8Mxqcl2Itzx371G1Hn+m6Sp0dPvCozUZ0T4 3 | tp9rnk0EYqIZI+TU3koZ4rM4+Jju1fIa+59v5wvEHfyDQR/+kC9l6pV78GAtWLmW 4 | O8DVMOBIa8wNM/zhk+Apgw8wX8JT/3050v5vE9nojGhcVfpoMjFTOdiTEmzc+0P1 5 | KbOiockn4Lbw8qprUidDHduUHefjA//e2wqvgcn5NO/Si9M98EB0mx4xEX6M+3XI 6 | bGFsz8c7F9CUYhp1WqsBwgJwymxn0RKLMgQm4AjwYz23ii8Vilpjk87elVQIPRkz 7 | FjBD1zX7zZHmsMthssem06WUiRmENubYmny4swIDAQABAoIBAH/v3lFqdaRiksmC 8 | MERnp1jkMfyfh6t6u8z5eLjXk2MgUHvH+7KvBXAjsSIccdE3XF+thzHtd66cTII1 9 | R+DT5pFIMEYpV7E/XSeWz+z644S8OGn/BIgLw9pgxXV4qO38X/C563408OV6euxR 10 | JwnNV9p3OnVumH8poswXXFxq25XLVGmlmN30ucxM6l5diXySf6Tn2vaIsVX0gOOX 11 | NSptkAV0QgwRYOuX2uLgdmHW8QUXIhZU6lbmXhe3QkZRDqvi67XobBwCX6/GIMAt 12 | kbX1Knp/aoh0N2pFbDogRRv16rlNgAWPOjzk54z7f9g3zk3bSZm18uIwzTyIHQKI 13 | Jw0OTGECgYEA00URyY0ZRa32EQEKeZ6XJhk+eMsnXGXPgX3cgjCBwvoqLUJUxnRH 14 | O8bxVatWotaavbUM1tcj6RPoudcVoqKOxasy7W/MLQQTpxLR+HL9EZKvWnrDsMIQ 15 | eAY1LPoa7ns+YqXkV755rwgfEl8H3TPTpvqDHpoJDM8JJ5DQQXvKTq0CgYEAyuM8 16 | E0JlCJhsquL8paema3HCh/RAjyplMWg9xzJXthmL11DL2o9Ks86+f+oBkzLvOXA2 17 | bnHr4J9luTFq3H85xRyVdEPnzcYH2rOWJG083JQdLJjLKyCOj3Mb3z3PeAejdAw4 18 | EX2hQDO+chKp/F801WFM/rSSiJlrqI/lLXmA8N8CgYA4N7Xe+wPRjdPffHZsHG49 19 | /hOoku57YMARxgsKPZwZ5PWaK39he4mE95A6aqhYFmEAwA+Vj5QHrnuMEBa6uyTg 20 | poibs9cR13bfS1vCD98VcQHmQqqV+13kgkpeGINYGEVmfJxBWPcKQ0/5VH5EN0lH 21 | snt3hieIWAMomxk/g5A21QKBgDroBwVAfb0lJEfpZ5lhN7xyZxy6GhR3JrJVpbo0 22 | L6s7d5KobseiWvohyMWy14o5e6OdpPAkO2wYW5yNcI1ckxVb2zjKjn78REOHaMxi 23 | uw0AJAhSxIpdBYc40Jrcg2RCM376HT1W0H6nh1/vc1NHATwC6Cv7mZ/3i36BaPTv 24 | FjTZAoGADrba0Dp973akNy9hAjGiUXU9Q0CU5QjS+Ur4CjNZZa6cy0YMoepZS+1z 25 | 
Y7ATqpV4LdHqKqO7IPGuS86wNhGuusSm+MOg6uIqliKbmHdOPN/KalDYXacP6kpS 26 | d7vop7jYminJwNPrTJQJ6eT09O8uyo4T2eDqzt1fNu/G52onuT8= 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /conformance-tests-env/common/https/client2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDJzCCAs6gAwIBAgIUNcsLMeP0qtJ4ZXxMVCJRT77wUlwwCgYIKoZIzj0EAwIw 3 | djELMAkGA1UEBhMCSlAxEzARBgNVBAgTClByaXZhdGUgQ0ExFzAVBgNVBAoTDlNl 4 | Y3VyZSBPU1MgU2lnMRYwFAYDVQQLEw1LZXljbG9hay1mYXBpMSEwHwYDVQQDExhL 5 | ZXljbG9hay1mYXBpIFByaXZhdGUgQ0EwHhcNMjQwNjA1MTAyNzAwWhcNMjkwNjA0 6 | MTAyNzAwWjBhMQswCQYDVQQGEwJKUDEPMA0GA1UECBMGQ2xpZW50MRcwFQYDVQQK 7 | Ew5TZWN1cmUgT1NTIFNpZzEWMBQGA1UECxMNS2V5Y2xvYWstZmFwaTEQMA4GA1UE 8 | AxMHY2xpZW50MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKdwB9vk 9 | JM1ZYMPDManJdiLc8d+9RtR5/pukqdHT7wqM1GdE+Lafa55NBGKiGSPk1N5KGeKz 10 | OPiY7tXyGvufb+cLxB38g0Ef/pAvZeqVe/BgLVi5ljvA1TDgSGvMDTP84ZPgKYMP 11 | MF/CU/99OdL+bxPZ6IxoXFX6aDIxUznYkxJs3PtD9SmzoqHJJ+C28PKqa1InQx3b 12 | lB3n4wP/3tsKr4HJ+TTv0ovTPfBAdJseMRF+jPt1yGxhbM/HOxfQlGIadVqrAcIC 13 | cMpsZ9ESizIEJuAI8GM9t4ovFYpaY5PO3pVUCD0ZMxYwQ9c1+82R5rDLYbLHptOl 14 | lIkZhDbm2Jp8uLMCAwEAAaOBgzCBgDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAww 15 | CgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUqMIBmFLob9gy5ZOZ 16 | qHD7aHKuAxEwHwYDVR0jBBgwFoAUWbTD6OTLVu5cfWrRujoCgyoj8xowCwYDVR0R 17 | BAQwAoIAMAoGCCqGSM49BAMCA0cAMEQCIEYf2GsgBHNWbm7kQenf/VnxtC1N6FMR 18 | aIFJMM3oKwkXAiBtwZ6PpOQrOMnxJ6XeRbxK6k5jl4j94apIvQN52CKbKg== 19 | -----END CERTIFICATE----- 20 | -------------------------------------------------------------------------------- /conformance-tests-env/common/https/generate-clients.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | DIR=$(cd $(dirname $0); pwd) 4 | cd $DIR 5 | 6 | type cfssl 7 | if [ $? -ne 0 ]; then 8 | type .bin/cfssl 9 | if [ $? 
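-ne 0 ]; then 10 | # Install cfssl 11 | mkdir -p .bin 12 | curl -s -L -o .bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 13 | curl -s -L -o .bin/cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 14 | chmod +x .bin/{cfssl,cfssljson} 15 | fi 16 | PATH=$PATH:.bin 17 | fi 18 | 19 | # Generate 20 | cfssl gencert -initca client-ca-csr.json | cfssljson -bare client-ca 21 | cfssl gencert -ca=client-ca.pem -ca-key=client-ca-key.pem -config=ca-config.json -profile=client client1-csr.json | cfssljson -bare client1 22 | cfssl gencert -ca=client-ca.pem -ca-key=client-ca-key.pem -config=ca-config.json -profile=client client2-csr.json | cfssljson -bare client2 23 | 24 | # Verify 25 | openssl x509 -in client-ca.pem -text -noout 26 | openssl x509 -in client1.pem -text -noout 27 | openssl x509 -in client2.pem -text -noout 28 | 29 | # Copy certs to keycloak folder for Keycloak.x 30 | cp client-ca.pem $DIR/../keycloak -------------------------------------------------------------------------------- /conformance-tests-env/common/https/generate-server.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Generate the test CA and the TLS server certificate used by the conformance
# test environment, then copy server.pem to ../keycloak.
#
# ARG1: Hostname of Keycloak server
# ARG2: Hostname of Resource server
#
# Optional environment (used only when cfssl has to be downloaded):
#   CFSSL_SHA256      expected SHA-256 of cfssl_linux-amd64
#   CFSSLJSON_SHA256  expected SHA-256 of cfssljson_linux-amd64
#   e.g. CFSSL_SHA256=<sha256 of cfssl_linux-amd64, taken from a trusted source>
#
# SECURITY: the CA and server private keys produced here (ca-key.pem,
# server-key.pem) are checked in next to this script; the directory's .gitignore
# leaves *.pem unignored. They are public test fixtures. The server certificate
# also covers wildcard and third-party names ("*.nip.io", "*.keycloak.org"), so
# this CA must only ever be trusted inside throwaway test containers, never in a
# workstation or production trust store.

# Stop on the first failure so a stale server.pem is never copied after an error.
set -euo pipefail

KC_HOST=${1:-as.keycloak-fapi.org}
RS_HOST=${2:-rs.keycloak-fapi.org}

DIR=$(cd "$(dirname "$0")" && pwd)
cd "$DIR"

# Download one cfssl release binary into .bin/.
# The file is fetched under a temporary name and only moved into place (and made
# executable) after the optional checksum has been verified.
fetch_tool() {
  local name=$1 url=$2 expected=$3
  local tmp=".bin/${name}.download"

  # -f: fail on HTTP errors instead of saving an error page as the "binary"
  curl -fsSL -o "$tmp" "$url"

  if [ -n "$expected" ]; then
    if ! echo "${expected}  ${tmp}" | sha256sum -c - >/dev/null; then
      rm -f "$tmp"
      echo "ERROR: SHA-256 mismatch for ${name}; refusing to install it" >&2
      exit 1
    fi
  else
    echo "WARNING: ${name} downloaded without integrity verification; set the matching *_SHA256 variable" >&2
  fi

  chmod +x "$tmp"
  mv "$tmp" ".bin/${name}"
}

# Use cfssl from PATH if present, else a previously downloaded copy, else download it.
# generate-clients.sh performs the same unverified download and needs the same check.
if ! type cfssl >/dev/null 2>&1; then
  if ! type .bin/cfssl >/dev/null 2>&1; then
    # Install cfssl
    mkdir -p .bin
    fetch_tool cfssl     https://pkg.cfssl.org/R1.2/cfssl_linux-amd64     "${CFSSL_SHA256:-}"
    fetch_tool cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 "${CFSSLJSON_SHA256:-}"
  fi
  # absolute path: a relative PATH entry would resolve against any later working directory
  PATH="$PATH:$DIR/.bin"
fi

# KC_HOST / RS_HOST are written into the JSON unescaped; pass plain hostnames only.
cat << EOS > server-csr.json
{
  "CN": "secureoss.jp",
  "hosts": [
    "127.0.0.1",
    "localhost",
    "*.secureoss.jp",
    "keycloak.org",
    "*.keycloak.org",
    "*.nip.io",
    "$KC_HOST",
    "$RS_HOST",
    "conformance-suite.keycloak-fapi.org"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "JP",
      "L": "",
      "O": "Secure OSS Sig",
      "OU": "Keycloak-fapi",
      "ST": "Server"
    }
  ]
}
EOS

# Generate
cfssl gencert -initca ca-csr.json | cfssljson -bare ca
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=server server-csr.json | cfssljson -bare server

# Verify
openssl x509 -in ca.pem -text -noout
openssl x509 -in server.pem -text -noout

# Copy certs to keycloak folder for Keycloak.x
cp server.pem "$DIR/../keycloak"
-------------------------------------------------------------------------------- /conformance-tests-env/common/https/server-csr.json: -------------------------------------------------------------------------------- 1 | { 2 | "CN": "secureoss.jp", 3 | "hosts": [ 4 | "127.0.0.1", 5 | "localhost", 6 | "*.secureoss.jp", 7 | "keycloak.org", 8 | "*.keycloak.org", 9 | "*.nip.io", 10 | "as.keycloak-fapi.org", 11 | "rs.keycloak-fapi.org", 12 | "conformance-suite.keycloak-fapi.org" 13 | ], 14 | "key": { 15 | "algo": "rsa", 16 | "size": 2048 17 | }, 18 | "names": [ 19 | { 20 | "C": "JP", 21 | "L": "", 22 | "O": "Secure OSS Sig", 23 | "OU": "Keycloak-fapi", 24 | "ST": "Server" 25 | } 26 | ] 27 | } 28 | --------------------------------------------------------------------------------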
/conformance-tests-env/common/https/server-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEogIBAAKCAQEAwWT/0rPyaBYuiIcLmBZbsgtopNaPCAJ1DyOzo4EtBsUY2YYs 3 | yqWkShp6INglQlQdJjzlwT/CcFH7n2VodOt1HN6TMed7TVQD29LBfZdzYvZwi/IJ 4 | EWRTNmWXq2Jejed5gj5pWGNvepIMtisvz/D9Zk+JjiuEXxpk6gcANKLeJPZAJIOd 5 | 0NDG30NppdILzWOZkPaggYbSbqunp5Db+Uy4BxPZP8OD4L+TX+bMMAOAMYj0aPaU 6 | 7seDSir4HGWKX2DHLAVwvNbGaLzcnt7upyb29DkZf70F8VnRFZeftEMGprwtCSSD 7 | GrZ8uYXIQ6z+NTcmS5o883UOWIKqPAdAzHJTVQIDAQABAoIBAAJg4ZyPxf1tuGjJ 8 | cGUQcVRBO6o7UUsB7Lqg78alAg7BQcr7EXX0j46xwKrCvcKREkK0IQc9Z4DGIVgW 9 | gTBe7PPL8Pd+J1AOJnX/o42N3UdsTHoMIfxqxXM30KO09AC+xgnKBrWlk2tofGuJ 10 | IG9oQVWOyNxMwLYCtxcBuwjqr9y4fRxLO26w2kLHBvdTqQCC1aO4LLlDjTssKzui 11 | UdgSYrJLi+QLqrv5DAq4+6Eew5oFLprWGjoOsVt5K8jfgM0g/ugupH5kPVsBAOXT 12 | x/HhZW42ncPI2fTV6gF8g0Lyk3LWadh/JB3f3xBQ/73NU2s1Y2RAqCFPNYouMqrG 13 | qz9epgkCgYEA3D9/PTg+ApzZKtGv1oKd6dRQ8bQ4L/FgPTvkCGyA3G182l47G8x0 14 | NYOSHL4Cyq4w69cktyzwEYns/5yynyq5hzONLEnN/+tEDORf8OwbllMKamZgiDUX 15 | sokGaLwtrUOnBnuXtdSvHUvs55BOuVx03eWja83VwJQ1RtNb/aUhl7sCgYEA4MmX 16 | 1sY4QsnyRG7upk9FUi5p1HWOouUHURLiWhh5qxsZy451Gg9IL4/G6n1P4l2dtfut 17 | 9JMtYxZ3YKnZxYapx4lyVehR6GXaq0GV7peuN3abUPT1B65TAOIozGu/d23s6eqd 18 | wibn8r5Aj8VzeqwJPRQA2/TrQyljWjTKYaHy6C8CgYAVlC8OO3Vv4hgw5sx4kuGP 19 | 6Fpp5ANhRx/rv/Nuk9roPd3usy7NYXG9UH+/SyqQ2xI1+SVCwSdgQIg03xBtIc19 20 | nqJlRXHmchF/xdxUiX2Gc+pgVFl+3tzMhDpZhp5fDHLP4soRaZ4im67BXVUpOhLF 21 | LtudE1SvApZZsxmfN0+cQwKBgCZ5OpzPBngf+nBOEFi0vqenPAPaLxSgYJU2xzkm 22 | cUSg+dRGSLKyJOfHEwO1eQPEhCbOseJngmAwSzRnPde6CbsWQlSD0+kT7c5cBl50 23 | 5aOmkETV+E5dPuWqz9LVKks1rFQJDQFbCV4ZxBEXeYFoiphCoTcEf3PaVJ/u4yi8 24 | wEePAoGAaViEs9+QrPigd1Rd81Vx4I0uS9uv4034dYeLkXvHZN4Qu+XrgY+Pklp5 25 | 2VYkINqJAApybFwDvX+DjrfKdeoHIQ/pnN3AKtmeGVB55jb8hwqvL56yXD/ZyGAv 26 | kG/91ld+J2cj8J+SAjZSS+Bvrl8s6azMRNFgtNGtVkGy0e+220Q= 27 | -----END RSA PRIVATE KEY----- 28 | 
-------------------------------------------------------------------------------- /conformance-tests-env/common/https/server.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEezCCA2OgAwIBAgIUKEdhdk+wy/Or1WcG3YA0u0wR8ngwDQYJKoZIhvcNAQEL 3 | BQAwZjELMAkGA1UEBhMCSlAxCzAJBgNVBAgTAkNBMRcwFQYDVQQKEw5TZWN1cmUg 4 | T1NTIFNpZzEWMBQGA1UECxMNS2V5Y2xvYWstZmFwaTEZMBcGA1UEAxMQS2V5Y2xv 5 | YWstZmFwaSBDQTAeFw0yMTA3MjgwODIyMDBaFw0yNjA3MjcwODIyMDBaMGYxCzAJ 6 | BgNVBAYTAkpQMQ8wDQYDVQQIEwZTZXJ2ZXIxFzAVBgNVBAoTDlNlY3VyZSBPU1Mg 7 | U2lnMRYwFAYDVQQLEw1LZXljbG9hay1mYXBpMRUwEwYDVQQDEwxzZWN1cmVvc3Mu 8 | anAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBZP/Ss/JoFi6IhwuY 9 | FluyC2ik1o8IAnUPI7OjgS0GxRjZhizKpaRKGnog2CVCVB0mPOXBP8JwUfufZWh0 10 | 63Uc3pMx53tNVAPb0sF9l3Ni9nCL8gkRZFM2ZZerYl6N53mCPmlYY296kgy2Ky/P 11 | 8P1mT4mOK4RfGmTqBwA0ot4k9kAkg53Q0MbfQ2ml0gvNY5mQ9qCBhtJuq6enkNv5 12 | TLgHE9k/w4Pgv5Nf5swwA4AxiPRo9pTux4NKKvgcZYpfYMcsBXC81sZovNye3u6n 13 | Jvb0ORl/vQXxWdEVl5+0QwamvC0JJIMatny5hchDrP41NyZLmjzzdQ5Ygqo8B0DM 14 | clNVAgMBAAGjggEfMIIBGzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB 15 | BQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUi8L29oMMwHMjorF+gLJxbp7h 16 | uKkwHwYDVR0jBBgwFoAUPTNOa4lBTtovzHjqPieuioFEcH8wgaUGA1UdEQSBnTCB 17 | moIJbG9jYWxob3N0gg4qLnNlY3VyZW9zcy5qcIIMa2V5Y2xvYWsub3Jngg4qLmtl 18 | eWNsb2FrLm9yZ4IIKi5uaXAuaW+CFGFzLmtleWNsb2FrLWZhcGkub3JnghRycy5r 19 | ZXljbG9hay1mYXBpLm9yZ4IjY29uZm9ybWFuY2Utc3VpdGUua2V5Y2xvYWstZmFw 20 | aS5vcmeHBH8AAAEwDQYJKoZIhvcNAQELBQADggEBAKsjh2OrQSYIxuljOUI5S5yO 21 | p0anH7++Hg5/CWpDxNqTx6RfzT15kFI3+h2X4aNjVPZgxUcNk0CRMNIbaIV6LDXm 22 | KnmXB6b0QtNIeeTApbheYAohZ/DsoVdGcNYDZHflunuzbHe14cM+lvdrboXNEt9N 23 | aas5gh4ozFaKRI5tFJVmeuwu6+lpk3SqUIfrl/2VMNDFXURoUv39IPhqLbMxERWY 24 | nvaMlbC1SkBvGkVvkfwfNzearS2BFwZuXrmy5OZn3PbJoULeBYZbysMiJ7OIVlDF 25 | WSPxcRNqFGx2jTA6d5pH1fZOiQkp1c/WRLHwLPs6c9k4PbbSCBUB1efKSfUP2VY= 26 | -----END CERTIFICATE----- 27 | 
-------------------------------------------------------------------------------- /conformance-tests-env/common/load-balancer/Dockerfile: -------------------------------------------------------------------------------- 1 | #FROM haproxy:1.9.8 2 | FROM haproxy:3.0.5-alpine 3 | 4 | COPY --chown=haproxy:haproxy haproxy.cfg /tmp/haproxy.cfg 5 | COPY --chown=haproxy:haproxy haproxy_two-frontends.cfg /tmp/haproxy_two-frontends.cfg 6 | 7 | USER root 8 | 9 | # Switch the lines to use loadbalancer listening on two ports of single host. 10 | RUN /bin/sh -c "cp /tmp/haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg" 11 | # RUN /bin/sh -c "cp /tmp/haproxy_two-frontends.cfg /usr/local/etc/haproxy/haproxy.cfg" 12 | 13 | USER haproxy 14 | 15 | -------------------------------------------------------------------------------- /conformance-tests-env/common/load-balancer/haproxy.cfg: -------------------------------------------------------------------------------- 1 | defaults 2 | log stdout format raw local0 debug 3 | option tcplog 4 | timeout client 30s 5 | timeout server 30s 6 | timeout connect 5s 7 | 8 | frontend ft_ssl_vip 9 | bind *:443 10 | mode tcp 11 | tcp-request inspect-delay 5s 12 | tcp-request content accept if { req_ssl_hello_type 1 } 13 | 14 | acl application_1 req_ssl_sni -i "${KEYCLOAK_FQDN}" 15 | acl application_2 req_ssl_sni -i "${RESOURCE_FQDN}" 16 | acl application_3 req_ssl_sni -i "${CONFORMANCE_SUITE_FQDN}" 17 | 18 | use_backend bk_ssl_application_1 if application_1 19 | use_backend bk_ssl_application_2 if application_2 20 | use_backend bk_ssl_application_3 if application_3 21 | 22 | default_backend bk_ssl_application_2 23 | 24 | backend bk_ssl_application_1 25 | mode tcp 26 | 27 | acl clienthello req_ssl_hello_type 1 28 | acl serverhello rep_ssl_hello_type 2 29 | 30 | # use tcp content accepts to detects ssl client and server hello. 
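31 | tcp-request inspect-delay 5s 32 | tcp-request content accept if clienthello 33 | 34 | # no timeout on response inspect delay by default. 35 | tcp-response content accept if serverhello 36 | 37 | option ssl-hello-chk 38 | server server1 keycloak:9443 check 39 | 40 | backend bk_ssl_application_2 41 | mode tcp 42 | 43 | #acl clienthello req_ssl_hello_type 1 44 | #acl serverhello rep_ssl_hello_type 2 45 | 46 | # use tcp content accepts to detects ssl client and server hello. 47 | #tcp-request inspect-delay 5s 48 | #tcp-request content accept if clienthello 49 | 50 | # no timeout on response inspect delay by default. 51 | #tcp-response content accept if serverhello 52 | 53 | #option ssl-hello-chk 54 | server server1 api_gateway_nginx:443 check 55 | 56 | backend bk_ssl_application_3 57 | mode tcp 58 | 59 | #acl clienthello req_ssl_hello_type 1 60 | 61 | # use tcp content accepts to detects ssl client hello. 62 | #tcp-request inspect-delay 5s 63 | #tcp-request content accept if clienthello 64 | 65 | #option ssl-hello-chk 66 | server server1 httpd:8443 check 67 | -------------------------------------------------------------------------------- /conformance-tests-env/conformance-suite/conformance-suite/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM maven:3.8.3-openjdk-17-slim as builder 2 | ARG OPENID_GIT_URL 3 | ARG OPENID_GIT_TAG 4 | 5 | # the server app requires redir to run 6 | RUN apt-get update && apt-get install -y redir python3 python3-pip git 7 | RUN pip3 install httpx pyparsing 8 | RUN git clone -b ${OPENID_GIT_TAG} ${OPENID_GIT_URL} ./conformance-suite 9 | ADD .
./conformance-suite/ 10 | EXPOSE 8080 11 | EXPOSE 9090 12 | CMD [ "sh", "./conformance-suite/server-entrypoint.sh" ] 13 | -------------------------------------------------------------------------------- /conformance-tests-env/conformance-suite/conformance-suite/server-entrypoint.sh: --------------------------------------------------------------------------------
#!/bin/sh
# Build the conformance suite inside the container and start the test server.
#
# Environment:
#   CONFORMANCE_SERVER  base URL passed to the suite as fintechlabs.base_url
#   JDWP_ADDRESS        address for the Java debug agent (default "*:9999");
#                       set it to an empty string to start without the agent
#
# SECURITY: JDWP has no authentication, and a debugger attached to it has full
# control of the JVM. The default "*:9999" listens on every interface of the
# container. Prefer JDWP_ADDRESS=127.0.0.1:9999 (or empty) unless the port is
# reachable only from a trusted network. The Dockerfile EXPOSEs 8080 and 9090,
# not 9999; whether 9999 is published is decided by the compose/run
# configuration, which is not shown here.

cd conformance-suite || exit 1

# Left tolerant on purpose: on a container restart the file has already been moved.
mv -f run-tests.sh ./.gitlab-ci

# Do not start a stale or missing jar when the build fails.
mvn package -DskipTests || exit 1

# An unset variable keeps the original behaviour; an explicitly empty one disables the agent.
JDWP_ADDRESS="${JDWP_ADDRESS-*:9999}"

# Collect JVM options as positional parameters so the "*" is never glob-expanded.
if [ -n "$JDWP_ADDRESS" ]; then
    set -- "-agentlib:jdwp=transport=dt_socket,address=${JDWP_ADDRESS},server=y,suspend=n"
else
    set --
fi

# JVM options must come before -jar; anything after the jar path is handed to the
# application as a program argument, so -Djava.security.egd had no effect there.
java "$@" \
    -Djava.security.egd=file:/dev/./urandom \
    -jar target/fapi-test-suite.jar \
    --fintechlabs.base_url="${CONFORMANCE_SERVER}" \
    --fintechlabs.devmode=true \
    --fintechlabs.startredir=true \
    --logging.level.net.openid.conformance.frontChannel=DEBUG
-------------------------------------------------------------------------------- /conformance-tests-env/conformance-suite/fapi-conformance-suite-configs/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/keycloak/keycloak-oauth-sig/2783aa61c33429cfbbff08fb6a386221e7a7f3ff/conformance-tests-env/conformance-suite/fapi-conformance-suite-configs/.gitignore -------------------------------------------------------------------------------- /conformance-tests-env/conformance-suite/fapi-conformance-suite-configs/oidc-logout/oidcc-backchannel-rp-initiated-logout.json: -------------------------------------------------------------------------------- 1 | { 2 | "alias": "keycloak", 3 | "description": "[Manual] OpenID Connect Core: Backchannel Rp Initiated Logout Certification Profile (client_registration:static_client)", 4 | "server": { 5 | "discoveryUrl": "https://as.keycloak-fapi.org/auth/realms/test/.well-known/openid-configuration", 6 | "login_hint": "john" 7 | }, 8 | "client": { 9 | "client_id": "client1-oidcc-backchannel-rp-initiated-logout", 10 | "client_secret":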
"OmvGzu1ptshSgRk4UxU6ibYA2ihsrSDe" 11 | } 12 | } -------------------------------------------------------------------------------- /conformance-tests-env/conformance-suite/fapi-conformance-suite-configs/oidc-logout/oidcc-frontchannel-rp-initiated-logout.json: -------------------------------------------------------------------------------- 1 | { 2 | "alias": "keycloak", 3 | "description": "[Manual] OpenID Connect Core: Frontchannel Rp Initiated Logout Certification Profile (client_registration:static_client)", 4 | "server": { 5 | "discoveryUrl": "https://as.keycloak-fapi.org/auth/realms/test/.well-known/openid-configuration", 6 | "login_hint": "john" 7 | }, 8 | "client": { 9 | "client_id": "client1-oidcc-frontchannel-rp-initiated-logout", 10 | "client_secret": "45qK5X42ZWolOe0KJTCCDdu5FxfOymYW" 11 | } 12 | } -------------------------------------------------------------------------------- /conformance-tests-env/conformance-suite/fapi-conformance-suite-configs/oidc-logout/oidcc-rp-initiated-logout.json: -------------------------------------------------------------------------------- 1 | { 2 | "alias": "keycloak", 3 | "description": "[Manual] OpenID Connect Core: Rp Initiated Logout Certification Profile (client_registration:static_client)", 4 | "server": { 5 | "discoveryUrl": "https://as.keycloak-fapi.org/auth/realms/test/.well-known/openid-configuration", 6 | "login_hint": "john" 7 | }, 8 | "client": { 9 | "client_id": "client1-rp-initiated-logout", 10 | "client_secret": "hYrN6jbdLq6WtfxjhVxmdF3vVdOgNK9p" 11 | } 12 | } -------------------------------------------------------------------------------- /conformance-tests-env/conformance-suite/fapi-conformance-suite-configs/oidc-logout/oidcc-session-management.json: -------------------------------------------------------------------------------- 1 | { 2 | "alias": "keycloak", 3 | "description": "[Manual] OpenID Connect Core: Session Management Certification Profile (client_registration:static_client)", 4 | "server": { 5 | 
"discoveryUrl": "https://as.keycloak-fapi.org/auth/realms/test/.well-known/openid-configuration", 6 | "login_hint": "john" 7 | }, 8 | "client": { 9 | "client_id": "client1-oidcc-session-management", 10 | "client_secret": "omvnHtj4B8N0eL20vTzYzfXS4EkHo2VF" 11 | } 12 | } -------------------------------------------------------------------------------- /conformance-tests-env/conformance-suite/fapi-conformance-suite-configs/oidc/oidcc-3rdparty-init-login-automated.json: -------------------------------------------------------------------------------- 1 | { 2 | "alias": "keycloak", 3 | "description": "[Automated]OpenID Connect Core: 3rd party initiated login Certification Profile (response_type:code id_token)", 4 | "server": { 5 | "discoveryUrl": "https://as.keycloak-fapi.org/auth/realms/test/.well-known/openid-configuration" 6 | }, 7 | "browser": [ 8 | { 9 | "match": "https://as.keycloak-fapi.org/auth/realms/test/protocol/openid-connect/auth*", 10 | "tasks": [ 11 | { 12 | "task": "Initial Login", 13 | "match": "https://as.keycloak-fapi.org/auth/realms/test/protocol/openid-connect/auth*", 14 | "optional": true, 15 | "commands": [ 16 | [ 17 | "text", 18 | "name", 19 | "username", 20 | "john" 21 | ], 22 | [ 23 | "text", 24 | "name", 25 | "password", 26 | "john" 27 | ], 28 | [ 29 | "click", 30 | "name", 31 | "login" 32 | ] 33 | ] 34 | }, 35 | { 36 | "task": "Authorize Client", 37 | "match": "https://as.keycloak-fapi.org/auth/realms/test/login-actions/required-action*", 38 | "optional": true, 39 | "commands": [ 40 | [ 41 | "click", 42 | "name", 43 | "accept" 44 | ] 45 | ] 46 | }, 47 | { 48 | "task": "Verify Complete", 49 | "match": "https://*/test/a/keycloak/callback*", 50 | "optional": true, 51 | "commands": [ 52 | [ 53 | "wait", 54 | "id", 55 | "submission_complete", 56 | 10 57 | ] 58 | ] 59 | } 60 | ] 61 | } 62 | ] 63 | } -------------------------------------------------------------------------------- 
/conformance-tests-env/conformance-suite/fapi-conformance-suite-configs/oidc/oidcc-3rdparty-init-login.json: -------------------------------------------------------------------------------- 1 | { 2 | "alias": "keycloak", 3 | "description": "[Manual]OpenID Connect Core: 3rd party initiated login Certification Profile (response_type:code id_token)", 4 | "server": { 5 | "discoveryUrl": "https://as.keycloak-fapi.org/auth/realms/test/.well-known/openid-configuration" 6 | } 7 | } -------------------------------------------------------------------------------- /conformance-tests-env/conformance-suite/fapi-conformance-suite-configs/oidc/oidcc-basic.json: -------------------------------------------------------------------------------- 1 | { 2 | "alias": "keycloak", 3 | "description": "[Manual]OpenID Connect Core: Basic Certification Profile (server_metadata:discovery/client_registration:static_client)", 4 | "server": { 5 | "discoveryUrl": "https://as.keycloak-fapi.org/auth/realms/test/.well-known/openid-configuration", 6 | "login_hint": "john" 7 | }, 8 | "client": { 9 | "client_id": "client1-oidcc-basic", 10 | "client_secret": "TKPQpcXTbp7vvsoUkjlZXkx8QXwPTRkU" 11 | }, 12 | "client_secret_post": { 13 | "client_id": "client1-oidcc-basic-client_secret_post", 14 | "client_secret": "IOxDgJWg4sMINzCngTT01rYAgRoHE5Qn" 15 | }, 16 | "client2": { 17 | "client_id": "client2-oidcc-basic", 18 | "client_secret": "t9XCrOEAlk4H4FTNv96VbHaQhdlB2WHY" 19 | } 20 | } -------------------------------------------------------------------------------- /conformance-tests-env/conformance-suite/fapi-conformance-suite-configs/oidc/oidcc-config-automated.json: -------------------------------------------------------------------------------- 1 | { 2 | "alias": "keycloak", 3 | "description": "[Automated]OpenID Connect Core: Config Certification Profile Authorization server test (Conformance Profile: Config OP)", 4 | "server": { 5 | "discoveryUrl": 
"https://as.keycloak-fapi.org/auth/realms/test/.well-known/openid-configuration" 6 | } 7 | } -------------------------------------------------------------------------------- /conformance-tests-env/conformance-suite/fapi-conformance-suite-configs/oidc/oidcc-config.json: -------------------------------------------------------------------------------- 1 | { 2 | "alias": "keycloak", 3 | "description": "[Manual] OpenID Connect Core: Config Certification Profile Authorization server test (Conformance Profile: Config OP)", 4 | "server": { 5 | "discoveryUrl": "https://as.keycloak-fapi.org/auth/realms/test/.well-known/openid-configuration" 6 | } 7 | } -------------------------------------------------------------------------------- /conformance-tests-env/conformance-suite/fapi-conformance-suite-configs/oidc/oidcc-dynamic.json: -------------------------------------------------------------------------------- 1 | { 2 | "alias": "keycloak", 3 | "description": "[Manual] OpenID Connect Core: Dynamic Certification Profile (response_type:code id_token)", 4 | "server": { 5 | "discoveryUrl": "https://as.keycloak-fapi.org/auth/realms/test/.well-known/openid-configuration" 6 | } 7 | } -------------------------------------------------------------------------------- /conformance-tests-env/conformance-suite/fapi-conformance-suite-configs/oidc/oidcc-formpost-basic.json: -------------------------------------------------------------------------------- 1 | { 2 | "alias": "keycloak", 3 | "description": "[Manual] OpenID Connect Core: Form Post Basic Certification Profile (server_metadata:discovery/client_registration:static_client)", 4 | "server": { 5 | "discoveryUrl": "https://as.keycloak-fapi.org/auth/realms/test/.well-known/openid-configuration", 6 | "login_hint": "john" 7 | }, 8 | "client": { 9 | "client_id": "client1-oidcc-formpost-basic", 10 | "client_secret": "XtLFh8akGddUKZ7WkC4szwgskfR2xSkP" 11 | }, 12 | "client_secret_post": { 13 | "client_id": 
"client1-oidcc-formpost-basic-client_secret_post", 14 | "client_secret": "YbOQtnO0v5QqXKkCyFTvUP4ENrWUhvyP" 15 | }, 16 | "client2": { 17 | "client_id": "client2-oidcc-formpost-basic", 18 | "client_secret": "Af62MUV6EyChsD41FS2wForoVdOZUD8l" 19 | } 20 | } -------------------------------------------------------------------------------- /conformance-tests-env/conformance-suite/fapi-conformance-suite-configs/oidc/oidcc-formpost-hybrid.json: -------------------------------------------------------------------------------- 1 | { 2 | "alias": "keycloak", 3 | "description": "[Manual] OpenID Connect Core: Form Post Hybrid Certification Profile (server_metadata:discovery/client_registration:static_client)", 4 | "server": { 5 | "discoveryUrl": "https://as.keycloak-fapi.org/auth/realms/test/.well-known/openid-configuration", 6 | "login_hint": "john" 7 | }, 8 | "client": { 9 | "client_id": "client1-oidcc-formpost-hybrid", 10 | "client_secret": "W81JPfdB7okh2wvLHg4iCM2EdWnS3J0e" 11 | }, 12 | "client_secret_post": { 13 | "client_id": "client1-oidcc-formpost-hybrid-client_secret_post", 14 | "client_secret": "1Y4OIwSOPSphwJpNrkpV5rSwJqTlKl8F" 15 | }, 16 | "client2": { 17 | "client_id": "client2-oidcc-formpost-hybrid", 18 | "client_secret": "dFlxFls4Bo0DWjbDFOD8D7DqLQRGMAXY" 19 | } 20 | } -------------------------------------------------------------------------------- /conformance-tests-env/conformance-suite/fapi-conformance-suite-configs/oidc/oidcc-formpost-implicit.json: -------------------------------------------------------------------------------- 1 | { 2 | "alias": "keycloak", 3 | "description": "[Manual] OpenID Connect Core: Form Post Implicit Certification Profile (server_metadata:discovery/client_registration:static_client)", 4 | "server": { 5 | "discoveryUrl": "https://as.keycloak-fapi.org/auth/realms/test/.well-known/openid-configuration", 6 | "login_hint": "john" 7 | }, 8 | "client": { 9 | "client_id": "client1-oidcc-formpost-implicit", 10 | "client_secret": 
"Ruk3Or7L80OkC9BW3MztiuzytD2dfVcx" 11 | } 12 | } -------------------------------------------------------------------------------- /conformance-tests-env/conformance-suite/fapi-conformance-suite-configs/oidc/oidcc-hybrid.json: -------------------------------------------------------------------------------- 1 | { 2 | "alias": "keycloak", 3 | "description": "[Manual] OpenID Connect Core: Hybrid Certification Profile (server_metadata:discovery/client_registration:static_client)", 4 | "server": { 5 | "discoveryUrl": "https://as.keycloak-fapi.org/auth/realms/test/.well-known/openid-configuration", 6 | "login_hint": "john" 7 | }, 8 | "client": { 9 | "client_id": "client1-oidcc-hybrid", 10 | "client_secret": "ulvklGmELzpZqKiISkRmberNm4als3z3" 11 | }, 12 | "client_secret_post": { 13 | "client_id": "client1-oidcc-hybrid-client_secret_post", 14 | "client_secret": "4gDNjUhBkki0gSuKlxtytGCTh4UlNc45" 15 | }, 16 | "client2": { 17 | "client_id": "client2-oidcc-hybrid", 18 | "client_secret": "BAfJ8ugBegJ7JWdPVjcqGNFpYfNb6euL" 19 | } 20 | } -------------------------------------------------------------------------------- /conformance-tests-env/conformance-suite/fapi-conformance-suite-configs/oidc/oidcc-implicit.json: -------------------------------------------------------------------------------- 1 | { 2 | "alias": "keycloak", 3 | "description": "[Manual] OpenID Connect Core: Implicit Certification Profile (server_metadata:discovery/client_registration:static_client)", 4 | "server": { 5 | "discoveryUrl": "https://as.keycloak-fapi.org/auth/realms/test/.well-known/openid-configuration", 6 | "login_hint": "john" 7 | }, 8 | "client": { 9 | "client_id": "client1-oidcc-implicit", 10 | "client_secret": "ZzO5JvO1PQU1kVxG3S6gEIX05uF2f11s" 11 | } 12 | } -------------------------------------------------------------------------------- /conformance-tests-env/conformance-suite/test-runner/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM 
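docker:27.3.1-dind-alpine3.20
2 | ADD test-runner-entrypoint.sh .
3 | RUN apk add --update --upgrade --no-cache curl
4 | CMD [ "sh", "./test-runner-entrypoint.sh" ]
--------------------------------------------------------------------------------
/conformance-tests-env/conformance-suite/test-runner/test-runner-entrypoint.sh:
--------------------------------------------------------------------------------
#!/bin/sh
#
# Entrypoint of the test-runner container: waits until the server under test
# answers on port 8443, prepares the conformance-suite scripts inside the
# keycloak-fapi-server-1 container and, when AUTOMATE_TESTS is "true", starts
# run-tests.sh with TEST_PLAN.
#
# Environment:
#   AUTOMATE_TESTS  tests are started only when this is the literal "true"
#   TEST_PLAN       argument string passed to run-tests.sh

# One readiness probe. -k skips TLS certificate verification; the request is
# a HEAD whose output is discarded, so it only shows that the port answers.
probe() {
    curl -k --output /dev/null --silent --head --fail "$1"
}

# Wait for the server to start before running tests - check every 30s.
# On some platforms (for example Ubuntu 18.0.4) the docker host is available
# on 172.17.0.1, so both addresses are tried. curl is called directly rather
# than through $(...), which would try to execute curl's output as a command.
until probe https://host.docker.internal:8443 || probe https://172.17.0.1:8443
do
    echo "Still waiting for 'docker internal host' to be available"
    sleep 30
done

echo "The 'docker internal host' available. Waiting 90 seconds before starting tests"

# Keycloak can still be starting up at this point when the server service had
# no maven dependencies to download, hence the fixed extra wait.
sleep 90

# Preparation inside the server container. None of these steps is checked, so
# a failing one does not stop the script.
docker exec keycloak-fapi-server-1 bash -c "chmod a+x /conformance-suite/.gitlab-ci/run-tests.sh"
docker exec keycloak-fapi-server-1 bash -c "chmod a+x /conformance-suite/scripts/*"
# NOTE(review): pip is requested under two package names; presumably only one
# of them exists in the container's package index - confirm and drop the other.
docker exec keycloak-fapi-server-1 bash -c "apk add --update --upgrade --no-cache python3-pip"
docker exec keycloak-fapi-server-1 bash -c "apk update && apk add --no-cache py3-pip"
# NOTE(review): httpx and pyparsing are installed without version pins, so
# each run resolves whatever release the index serves at that moment.
docker exec keycloak-fapi-server-1 bash -c "pip3 install httpx pyparsing"

# Quoted and compared with '=', the POSIX operator: an unset or empty
# AUTOMATE_TESTS is then a plain non-match instead of a test(1) syntax error.
# TEST_PLAN is expanded here and parsed a second time by bash inside the
# container, so it has to come from trusted configuration only.
[ "${AUTOMATE_TESTS:-}" = true ] &&
    docker exec keycloak-fapi-server-1 bash -c "/conformance-suite/.gitlab-ci/run-tests.sh $TEST_PLAN"
--------------------------------------------------------------------------------
/conformance-tests-env/spec/entities/consent-server/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM golang:1.16.5-alpine3.14 as builder
2 |
3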
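| ENV GO111MODULE=on
4 |
5 | WORKDIR /go/src/github.com/soss-sig/keycloak-fapi
6 | COPY *.go ./
7 |
8 | RUN go mod init
9 | RUN go get github.com/google/uuid
10 | RUN go build -o consent-server *.go
11 |
12 | FROM alpine:3.14
13 |
14 | # Install consent-server for testing
15 | COPY --from=builder /go/src/github.com/soss-sig/keycloak-fapi/consent-server /usr/local/sbin/
16 |
17 | ENTRYPOINT [ "consent-server" ]
18 |
19 |
--------------------------------------------------------------------------------
/conformance-tests-env/spec/entities/consent-server/consent-server-info.txt:
--------------------------------------------------------------------------------
1 | keycloak-fapi.org:11443
2 |
--------------------------------------------------------------------------------
/conformance-tests-env/spec/entities/consent-server/keycloak-server-info.txt:
--------------------------------------------------------------------------------
1 | keycloak-fapi.org:9443
2 |
--------------------------------------------------------------------------------
/conformance-tests-env/spec/entities/dpop-proof-signature-verify-server/.gitignore:
--------------------------------------------------------------------------------
1 | *-server-info.txt
2 |
3 |
--------------------------------------------------------------------------------
/conformance-tests-env/spec/entities/dpop-proof-signature-verify-server/Dockerfile:
--------------------------------------------------------------------------------
# Build stage: compiles dpop-proof-signature-verify-server from the Go sources
# in this directory.
FROM golang:1.23.2-alpine3.20 AS builder

ENV GO111MODULE=on
WORKDIR /go/src/github.com/soss-sig/keycloak-fapi
# --no-cache reads a fresh package index and leaves no apk cache in the layer.
RUN apk add --no-cache git
# NOTE(review): go.mod is copied without a go.sum, so module checksums are
# settled at build time by the steps below - confirm whether a go.sum should
# be committed and copied in to pin them.
COPY go.mod *.go ./
RUN go mod download github.com/lestrrat-go/jwx
RUN go mod tidy
RUN go build -o dpop-proof-signature-verify-server *.go


# Runtime stage on the same Alpine release as the build stage, the way the
# other Dockerfiles in this tree pair their stages. This stage was based on
# alpine:3.9, an end-of-life release.
FROM alpine:3.20

# Install dpop-proof-signature-verify-server for testing
COPY --from=builder /go/src/github.com/soss-sig/keycloak-fapi/dpop-proof-signature-verify-server /usr/local/sbin/

ENTRYPOINT [ "dpop-proof-signature-verify-server" ]
--------------------------------------------------------------------------------
/conformance-tests-env/spec/entities/dpop-proof-signature-verify-server/go.mod:
--------------------------------------------------------------------------------
1 | module dpop-proof-signature-verify-server
2 |
3 | require github.com/lestrrat-go/jwx v1.2.30 // indirect
--------------------------------------------------------------------------------
/conformance-tests-env/spec/entities/resource-server/.gitignore:
--------------------------------------------------------------------------------
1 | *-server-info.txt
2 |
3 |
--------------------------------------------------------------------------------
/conformance-tests-env/spec/entities/resource-server/Dockerfile:
--------------------------------------------------------------------------------
# Build stage: compiles resource-server from the Go sources in this directory.
FROM golang:1.22-alpine3.19 AS builder

ENV GO111MODULE=on
WORKDIR /go/src/github.com/soss-sig/keycloak-fapi
COPY *.go ./
RUN go build -o resource-server *.go


# Runtime stage: only the compiled binary is carried over from the builder.
FROM alpine:3.19

# Install resource-server for testing
COPY --from=builder /go/src/github.com/soss-sig/keycloak-fapi/resource-server /usr/local/sbin/

ENTRYPOINT [ "resource-server" ]
--------------------------------------------------------------------------------
/conformance-tests-env/test-target/keycloak/entities/auth_entity_server/.gitignore:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/conformance-tests-env/test-target/keycloak/entities/auth_entity_server/Dockerfile:
--------------------------------------------------------------------------------
# Build stage: compiles auth_entity_server from the Go sources in this
# directory.
FROM golang:1.22-alpine3.19 AS builder

ENV GO111MODULE=on
WORKDIR /go/src/github.com/soss-sig/keycloak-fapi
COPY *.go ./
RUN go build -o auth_entity_server *.go


# Runtime stage: only the compiled binary is carried over from the builder.
FROM alpine:3.19

# Install auth_entity_server for testing
COPY --from=builder /go/src/github.com/soss-sig/keycloak-fapi/auth_entity_server /usr/local/sbin/

ENTRYPOINT [ "auth_entity_server" ]
--------------------------------------------------------------------------------
/conformance-tests-env/test-target/keycloak/entities/auth_entity_server/auth_entity_server-info.txt:
--------------------------------------------------------------------------------
1 | keycloak-fapi.org:12443
2 |
--------------------------------------------------------------------------------
/conformance-tests-env/test-target/keycloak/entities/auth_entity_server/keycloak-server-info.txt:
--------------------------------------------------------------------------------
1 | keycloak-fapi.org:9443
2 |
--------------------------------------------------------------------------------
/conformance-tests-env/test-target/keycloak/entities/client_private_keys/.gitignore:
--------------------------------------------------------------------------------
1 | *.pem
2 |
--------------------------------------------------------------------------------
/conformance-tests-env/test-target/keycloak/entities/client_private_keys/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM golang:1.22-alpine3.19 as builder
2 |
3 | ENV GO111MODULE=on
4 | WORKDIR /go/src/github.com/soss-sig/keycloak-fapi
5 | COPY *.go ./
6 | RUN go build -o client-jwks-server *.go
7 |
8 |
9 | FROM alpine:3.19
10 |
11 | # Install client-jwks-server for testing
12 | COPY --from=builder /go/src/github.com/soss-sig/keycloak-fapi/client-jwks-server /usr/local/sbin/
13 | ADD .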
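/keys
14 | ENTRYPOINT [ "client-jwks-server" ]
15 |
16 |
--------------------------------------------------------------------------------
/conformance-tests-env/test-target/keycloak/entities/client_private_keys/generate-keys.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Regenerates the client signing keys for the conformance tests: one key per
# client (client1, client2) and algorithm (PS256, ES256, RS256), written by
# jwk-keygen into this script's own directory.
#
# Environment:
#   JWK_KEYGEN_SHA256  optional SHA-256 of the jwk-keygen release archive;
#                      when set, the download is verified before unpacking.
#
# NOTE(review): the output contains private keys. The .gitignore next to this
# script excludes only *.pem, and the Dockerfile in this directory adds the
# whole directory to the image as /keys, so everything written here is
# test-only material.

# Work in the script's directory. Stop if it cannot be entered: the cleanup
# below would otherwise delete *.json and *.pem from the caller's directory.
DIR=$(cd "$(dirname "$0")" && pwd) || exit 1
cd "$DIR" || exit 1

if ! command -v jwk-keygen >/dev/null 2>&1; then
    # Install jwk-keygen
    mkdir -p .bin
    url=https://github.com/openstandia/jwk-keygen/releases/download/v0.1/jwk-keygen-v0.1-linux-amd64.tar.gz
    archive=$(mktemp) || exit 1
    # -f turns an HTTP error into a failure here instead of handing an error
    # page to tar.
    curl -fsSL -o "$archive" "$url" || { rm -f "$archive"; exit 1; }
    # The binary produces the private keys, so it is worth checking what was
    # downloaded before it is unpacked and run.
    if [ -n "${JWK_KEYGEN_SHA256:-}" ]; then
        echo "$JWK_KEYGEN_SHA256  $archive" | sha256sum -c - || { rm -f "$archive"; exit 1; }
    else
        echo "warning: JWK_KEYGEN_SHA256 is not set; the jwk-keygen archive is not verified" >&2
    fi
    tar zxf "$archive" -C .bin || { rm -f "$archive"; exit 1; }
    rm -f "$archive"
    PATH=$PATH:$DIR/.bin
fi

# NOTE(review): this removes every *.json and *.pem in the directory, while
# the loop below only creates --use=sig keys; the jwk_enc_* files kept in this
# directory are presumably not recreated - confirm that is intended.
rm -f -- *.json
rm -f -- *.pem

for alg in PS256 ES256 RS256; do
    for client in client1 client2; do
        jwk-keygen --use=sig --format --jwks --pem --pem-body --alg="$alg" --kid="$client-$alg"
    done
done
--------------------------------------------------------------------------------
/conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwk_enc_PS256_client1-PS256-pub.json:
--------------------------------------------------------------------------------
1 | {
2 | "use": "enc",
3 | "kty": "RSA",
4 | "kid": "client1-OAEP",
5 | "alg": "RSA-OAEP",
6 | "n": "sizy7HrxRWsnZluxGYI7I9RStrHgaIjBkHBDnHHIrAgPWbKOB4wtRpES2pnn9CZ2KZdK1ETHMnswyPYeMn_u6vhL6NxO9sQ2-84fqxoW9vdy-LkQvRf9vp2Zcxu8RwzDDG7vBeTdJ1fez24jEj8itI-j84CEsUND6DnHFbaEVrQvKM21r1ViwVOS22Rv2ChOYX4Smt3OUkAzz6yoa_JETFcQxTnLAbkiRX3FQBkOynfZSjxPD7DXz_CFh1ZlubkAHmTnCtblFpj2Rt4T3IVqNjV0Mxb0vhvnzFizPPWFLHwvcwUsNEouKgP798eimT3gq9F3Q0NlwS6prlpzrt7L-Q",
7 | "e": "AQAB"
8 | }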
-------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwk_enc_PS256_client1-PS256.json: -------------------------------------------------------------------------------- 1 | { 2 | "use": "enc", 3 | "kty": "RSA", 4 | "kid": "client1-OAEP", 5 | "alg": "RSA-OAEP", 6 | "n": "sizy7HrxRWsnZluxGYI7I9RStrHgaIjBkHBDnHHIrAgPWbKOB4wtRpES2pnn9CZ2KZdK1ETHMnswyPYeMn_u6vhL6NxO9sQ2-84fqxoW9vdy-LkQvRf9vp2Zcxu8RwzDDG7vBeTdJ1fez24jEj8itI-j84CEsUND6DnHFbaEVrQvKM21r1ViwVOS22Rv2ChOYX4Smt3OUkAzz6yoa_JETFcQxTnLAbkiRX3FQBkOynfZSjxPD7DXz_CFh1ZlubkAHmTnCtblFpj2Rt4T3IVqNjV0Mxb0vhvnzFizPPWFLHwvcwUsNEouKgP798eimT3gq9F3Q0NlwS6prlpzrt7L-Q", 7 | "e": "AQAB", 8 | "d": "m_Px8QEvO3at9s7c9Zniz9qhR13sMTM6UYWh-EYzwjgPz5AU9xA_9Ns4aHR77VzY4lCVY7SLsmjXa57ZEZSe97W7I6fpyd42zjI9z9K3NRWj4YaC2zArnnNtg65MHthRxQk4V61Z0Xz8_gzFz8vJQcfUVmcwPcPFpXclBaFKtmPr7LBeT1owkmN16LcMr_Emaes4JPvopIIFxUm4m1LJu3TKBDoJutDSpJlnAc4QW16B6yMHo82r4tNYcANQ5yynvPRw-2MsVoBQSfu8i4uNKiaFT7DkrEiyJy_5lOX9_eaIFHNzqmA2-QVX51A7br7ojOsLsaIAAV2HWHqGm7m9sQ", 9 | "p": "4ElCAtFwwAfOi1aSRcV03Lu2X59Rc6qu5ym87Urn2aRiZprwSCRGxtLJL2TeAA7aGN2Sf4mTww080K0w1RnasQemtBmpH1nnOZfBuN4Ia0tMyMILRecIcbQY8BNVsV_G3cS1Cc-41rIjQtEpCtkHg_Fms2ww7Fxo9FDlPoTxWaU", 10 | "q": "y16S3_k-UOs560OWmhgQ45m__v4C8QXD-lEi7ugGzS9Rut-1fS89Et88eH6gi6dh6JmpezxPjoxgDMpHMUv3Es1x7OmZqp0U0RdTfJIs7gplNzTy1Rp8LdsUze1ta6EYa5VHXUoOA1osBkdTqdNGpCbXvnflLsquvVug8DZYkMU", 11 | "dp": "tMrYpyTk2iZw2-jg59UPKo81p0bphW9kpXoDjNQAqHPVzhe-8KgtVT-8ZLPOMAXI0Jpq6NuhfG1DRIMXBfBdVK5yNmMo7NivhsFJqxdvee2s63dfVu2w5Nbj80HipaQqzcEuncYPnSDjQ40OpGvlnvoMaz0fAqhLAgXjhM3tLvE", 12 | "dq": "VGR-lqsbjQDQHC0EBhYOjCR1ZB-MoPA_j1S0JmfqyqLkS6Qh8Dz2Hyq8MVR60vk2zAtYJWe1q_XctfIK8Q4RDaBrsmCOABsHVG1Vm9AdDPsLXYl_a6d9-Jl9XKc2TP-g3qQn5TKh9gopUsGumj6uhdgIl2WxmWVKdhHcC1LCFfE", 13 | "qi": 
"DBz6wsZ5u8cHVP7g6AHb7DHsw25dhNtaIPkmK5hpWAk6DPdwIpy1hRf8WzR70keozjbd4p7GUCRQ3_z4OVsYz0FauJmMb_1fk3WQxDHXZa2xPsHW5MgxKpQkctIaZyXkMKOYxPO6UTMasXBPZuqJiBn87nL6mb_Imqz5Ubcfy_g" 14 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwk_enc_PS256_client2-PS256-pub.json: -------------------------------------------------------------------------------- 1 | { 2 | "use": "enc", 3 | "kty": "RSA", 4 | "kid": "client2-OAEP", 5 | "alg": "RSA-OAEP", 6 | "n": "qPNLdO3qcM4E4QU-bGiYaWSIY4tL52uDOz8o4oyFNBFAp7-W98ybc0Kww1FsguOfQqQq7w2x8NAcxX6W-roytufcn3o-o8gI_8y3gc130H-L7jjSt5pyfiI8xiiYkGuI5xwTHwAlr_WrbaEzm9EiMLoVyzmgZATYNfdLsCzlAq8HOdu0MSatBxoD8Xn05MrNwFlno8fkh8DE6hwqSKPcIBqNEccDqwiq2PZd3o8Gh85F9ISALSamsjKutjpIOsax-odOVCmUa1ae98HEgWZOg4MlU2hOsS4QKNSj54Pa766v-FlS99Tq8mSt2gjLVANeWKUOR5C29zPFcV7WrkKhWQ", 7 | "e": "AQAB" 8 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwk_enc_PS256_client2-PS256.json: -------------------------------------------------------------------------------- 1 | { 2 | "use": "enc", 3 | "kty": "RSA", 4 | "kid": "client2-OAEP", 5 | "alg": "RSA-OAEP", 6 | "n": "qPNLdO3qcM4E4QU-bGiYaWSIY4tL52uDOz8o4oyFNBFAp7-W98ybc0Kww1FsguOfQqQq7w2x8NAcxX6W-roytufcn3o-o8gI_8y3gc130H-L7jjSt5pyfiI8xiiYkGuI5xwTHwAlr_WrbaEzm9EiMLoVyzmgZATYNfdLsCzlAq8HOdu0MSatBxoD8Xn05MrNwFlno8fkh8DE6hwqSKPcIBqNEccDqwiq2PZd3o8Gh85F9ISALSamsjKutjpIOsax-odOVCmUa1ae98HEgWZOg4MlU2hOsS4QKNSj54Pa766v-FlS99Tq8mSt2gjLVANeWKUOR5C29zPFcV7WrkKhWQ", 7 | "e": "AQAB", 8 | "d": 
"N90qqCE7Ec2tY1I-j84OB1tMlc2rbXvpSp_Zvv9D1DGYNV9uZcVr6TK2C_9SZ_0n3fs2jxDyM3Q87ziqZ4FF36DPHJRpPfKYtyxTyUHNSk3CUSTM2BTjor1jZwppV-eWvwRTdj6wN3x-EKPq0qzWJ1KAflAxrqDDdSSuDDTsDHSV149U2A7QNDU8a2gyM_qh2ZuVutK-Fni3lXecJlRXPg44wTlNG_HhBU3KF2sYhXSpvqHtSgaj47KqSbXn3u_ALOCy5c2P68ke5gR9_3bFV9FtubrbKFc7Jhsh0sHR8uf8YB4_3e3-3Cy7-trCbmTohqQmdGmBgxn0ZS9mUHAE4Q", 9 | "p": "y1VzdvIkhwi0OHW04Ghp4vv2X8pf49mY-yE7_dGHMizsepmaywW8rbmfnzchabBbp5iLfQ3D7KpuDIklAuNaVlkqR2xemUS3MehJgi13AoahxhuOGlDhw-mZfebSnBrslK1y1ZxAsUTxXBbuEClUtole1MPgD_haCy6P8jk4qU0", 10 | "q": "1LX3S_kZiUNNDMH1cwohq1NQZYy0_iNKDAJkxhDlKzWUG7DIXntMu8F7d-x57FEXAIPDwe-WuyMG-omCmTtDop9YQcdAvfDPvETNq8a629KmSS8ae8lvJ2WA8Z9maPMer6t1AjwP4WGEhKLeRxi7wfhgpoX7eviSbUUyanLWcj0", 11 | "dp": "up35tEB23-xQI8V8Nb3--NGRhMcjjOZoLoyJF-JXN-jdPYR--jiQu80ywBkENJEk_cPWufaJTEv7Zsv0SRtLDRcW46iFhhv4Gvj7hlud75aLIVym5mY3Xuyl8FSKFbXsTmSGkaCwC0KgVonBAto8IrAfdh00JtQkKEEa4hA8fb0", 12 | "dq": "Oq2j9bpW-A2v0Kgk7MJLvXZzREBHoZ_cimmSoS0B-ySBog3niGDdLyJVzCRZEf7gqIyw0OwmGaO1BiIu-9RkeRUaBLNRwdQPinE0h4GABKocoy2yUZmk5ypSItWFK8h9m5ph4ebtvo_nPausQ9Kn4P-Csg1d7XNq-WfQW5soW0U", 13 | "qi": "TjFq2A15aY0ENCzMcltRJZnlLwp50s2BFTlbPPmqWyw3jIJ3PNvvlTWtRlUc2f0-62QEvxgWDozp42pMJuRbUxSySDF4srH6p2-JEUpfsXzvGwUv2I_PyfC0V14tTHB6aLfTO1NwGqBPTVBZdnIVqtB9WsSLy6ph-Bf7Q68sxoE" 14 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwk_sig_ES256_client1-ES256-pub.json: -------------------------------------------------------------------------------- 1 | { 2 | "use": "sig", 3 | "kty": "EC", 4 | "kid": "client1-ES256", 5 | "crv": "P-256", 6 | "alg": "ES256", 7 | "x": "KhIuh2un6UWcBCIQqr5s3lSN42mrp5kjdf3JrasR1E4", 8 | "y": "bUIXyjZ6Q7-fLu-mp56OJjEHOAbGd3X30EMhS7SG-Vw" 9 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwk_sig_ES256_client1-ES256.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "use": "sig", 3 | "kty": "EC", 4 | "kid": "client1-ES256", 5 | "crv": "P-256", 6 | "alg": "ES256", 7 | "x": "KhIuh2un6UWcBCIQqr5s3lSN42mrp5kjdf3JrasR1E4", 8 | "y": "bUIXyjZ6Q7-fLu-mp56OJjEHOAbGd3X30EMhS7SG-Vw", 9 | "d": "zngKYq2KBIRGiawAAZQJ0K_ZxL3VyZbOHYScKtrOWX0" 10 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwk_sig_ES256_client2-ES256-pub.json: -------------------------------------------------------------------------------- 1 | { 2 | "use": "sig", 3 | "kty": "EC", 4 | "kid": "client2-ES256", 5 | "crv": "P-256", 6 | "alg": "ES256", 7 | "x": "X1K2NP56XffP8ZvkSJiD3ZiaD6A1forvWkZ2AzqbyME", 8 | "y": "S2GQUKAw0gW5kT-lEehLkt02PxA6CukInQhvo1hWcNo" 9 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwk_sig_ES256_client2-ES256.json: -------------------------------------------------------------------------------- 1 | { 2 | "use": "sig", 3 | "kty": "EC", 4 | "kid": "client2-ES256", 5 | "crv": "P-256", 6 | "alg": "ES256", 7 | "x": "X1K2NP56XffP8ZvkSJiD3ZiaD6A1forvWkZ2AzqbyME", 8 | "y": "S2GQUKAw0gW5kT-lEehLkt02PxA6CukInQhvo1hWcNo", 9 | "d": "xDb8I6rF-rMPo5MV-rZSZZRwk1-TYJCm6SK4JGeP7Gk" 10 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwk_sig_PS256_client1-PS256-pub.json: -------------------------------------------------------------------------------- 1 | { 2 | "use": "sig", 3 | "kty": "RSA", 4 | "kid": "client1-PS256", 5 | "alg": "PS256", 6 | "n": 
"0J5vAPXfZS755gaBYn2PEakdHLtAmZc0cKA5wTL89V4uz9sdkiub-S91cJUTqfxqFFwFe-acTKW7-HKOusJREq3oWNyv394-2OXSDz15Lso6GEATorSRTWzfqUjogjOOBxrvxrcMyxS2RM_NjaNPw2PDWO6u0_BHPWbzyKdKbzzGsuqpd4bZ85-xzDXhXRe0n23GCnGxpPM0SvsW9CAme23-ET_F6VdfPKkX0GSU_vxdwEwGUrk5sbBmtoLcj-pfpJKaA7ZbtLsngrIVIPRNUdcP3eCPiYHrDltsi1wnWlnRj2OBcqfM6bVOQfIiVLv-UC2PgY9gmzzw-Q86GPBQOw", 7 | "e": "AQAB" 8 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwk_sig_PS256_client1-PS256.json: -------------------------------------------------------------------------------- 1 | { 2 | "use": "sig", 3 | "kty": "RSA", 4 | "kid": "client1-PS256", 5 | "alg": "PS256", 6 | "n": "0J5vAPXfZS755gaBYn2PEakdHLtAmZc0cKA5wTL89V4uz9sdkiub-S91cJUTqfxqFFwFe-acTKW7-HKOusJREq3oWNyv394-2OXSDz15Lso6GEATorSRTWzfqUjogjOOBxrvxrcMyxS2RM_NjaNPw2PDWO6u0_BHPWbzyKdKbzzGsuqpd4bZ85-xzDXhXRe0n23GCnGxpPM0SvsW9CAme23-ET_F6VdfPKkX0GSU_vxdwEwGUrk5sbBmtoLcj-pfpJKaA7ZbtLsngrIVIPRNUdcP3eCPiYHrDltsi1wnWlnRj2OBcqfM6bVOQfIiVLv-UC2PgY9gmzzw-Q86GPBQOw", 7 | "e": "AQAB", 8 | "d": "rCYQ83nxHk3laSt1GREDPk-O9maOqC9d1pJhFkw88T0G4_6sKDJUQwwmnQBneZ4Q6zwESnnCAH3C3wGpRfOTcxaO5MU3XETJF7KN5IWVukamKdy2V00pmfp9lfPT6Z0hVjukIRZsOCifP6k6teZNq65nRLuxCLL-Fm0ePjXN9nty_T0XBzNeHs961zxLfc_QQFMJ46ppuLl5nBpmMErNhBwtY30y1s6cXWAhEDRvefYyhOPySCjbmUWSel7swuGxZKQIYkJS1QJ-g_e4DyVgybsY0mbaL2wNnZYW_rkVEtmII9L4tGfzcYBYd7084OXvTlh8YVuJfgxqCrIYlOQQAQ", 9 | "p": "7DcHbBqFXG6UTxX6nfI4KISyhKhAhe47H3QjBRZN03EFR0-Lpx6ncY5kiMMx_8ePPzlO_U8InG6PzhAgZFdtqJYt2lcUL50HnfPWv1KoGFe8bCNp7iYSmKT_0SjFTzBZnmoAoFcbEAzXHggWMnbMrpSLBEH64dF2GqgXXVXGEds", 10 | "q": "4hevCO5gcVC4QOZxoapdgvB0AwSiHGZEuAghrYld_6gNl42yMmOsqBhR5XgKSngUv2vrM9NkGXcURVYrcukLKT3bS5yGp5bXzMjEodDijOo33Oxz_uWtcUSH5JpB7BpUS2UuoqnJJA0YnLj_vW7jHczd33__PJ9CQSa5STA--SE", 11 | "dp": 
"lEuX5U5hGz5w7ZWm2TIP_6APUykuGOcPRxfqRG9UPMJfxf0yd6DPDoOOqi2hXisyy0Z3SKAtj8f5kCyfqV8aARUHhGPW0G2NMqS61TJXRbEPIfS5tEFCu4Ia-HzYIncATGvQKNmGq_TjuH7rMJNUvOWUwP-LOen-c43D3VzUFLE", 12 | "dq": "XSY21i4oC-ee0hZfcKTZPA5HLcsl4x97ZnrrLS0wThl16B_X8AzC4MqMS0dmrgHFQox67fJFBnzaHCsBYamEEKzMgd1uWPO720JISQbfoAELnPjKXZVRHR6IAnZPfK_oVNvOF_Rty22d20wZCXn7FpcGPoPkq5xN1rvWkMHQ4CE", 13 | "qi": "5d84bsBKb6u0YspU9hpc9o8F5PcJxqlwsfyOof80tUwA3NTk985cvaiXM5kQwM21q7bCyMoNfTi681MzlK1gt9GYRAHV4NJhw410mGDdnmGYFtsJwJIZbnwttYJsI0RIrk7Irom8HD2AnTvV5aI05Dxhv_-nCfn-bhy1Qqwce98" 14 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwk_sig_PS256_client2-PS256-pub.json: -------------------------------------------------------------------------------- 1 | { 2 | "use": "sig", 3 | "kty": "RSA", 4 | "kid": "client2-PS256", 5 | "alg": "PS256", 6 | "n": "6DHkboNmEegAyz9N6ux6UwEyI7a2pB3Dv-EOalRuvtqhh6jPsUd6TQZk385DzofNgYZaO1kC9wmYqD4mmQO7N6ZMvZQAbMmCat72-vHKxvZYzjcURMHTK-GDtvOUjbXzC3C0yboOS8qnO5etwho5PXETe3xdgjnERSekgAXdqzGxJEKincPWzcpoaPTpWROf4D9wNnS-rgwyd0CKp20NzoByhUtxMOKJn2t6wmBqgp7SEVOOgwRPEKMiD8u14jY-9xNfG3kOdAHMArSFb5HJN6USyFmFXROczEXOwJgvoCkY0p0hg2NCzImkPgbDmdj_otzLGjB9m3gtIoAa7THzKQ", 7 | "e": "AQAB" 8 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwk_sig_PS256_client2-PS256.json: -------------------------------------------------------------------------------- 1 | { 2 | "use": "sig", 3 | "kty": "RSA", 4 | "kid": "client2-PS256", 5 | "alg": "PS256", 6 | "n": 
"6DHkboNmEegAyz9N6ux6UwEyI7a2pB3Dv-EOalRuvtqhh6jPsUd6TQZk385DzofNgYZaO1kC9wmYqD4mmQO7N6ZMvZQAbMmCat72-vHKxvZYzjcURMHTK-GDtvOUjbXzC3C0yboOS8qnO5etwho5PXETe3xdgjnERSekgAXdqzGxJEKincPWzcpoaPTpWROf4D9wNnS-rgwyd0CKp20NzoByhUtxMOKJn2t6wmBqgp7SEVOOgwRPEKMiD8u14jY-9xNfG3kOdAHMArSFb5HJN6USyFmFXROczEXOwJgvoCkY0p0hg2NCzImkPgbDmdj_otzLGjB9m3gtIoAa7THzKQ", 7 | "e": "AQAB", 8 | "d": "q9gY_q1iwkfZJpMQYJhpo7rT19im7WlV8VFn8MvSNo_qUlNeew6ydgUQbQ7j4hthvcWoTBoBdsF0aLeuqzo2ueXrD7dUZS7xxZSEZ47Bi2TQrrXW21gzqFs7txAo1oRdfw8HzfBUGkW-ZP1JzMjJqi5gw9h0ACgumRvQxCsTNlmkgKpInsBYqzASeVWFKQ5RTMHGoMoNfPJwgn1LuTi5sPKqT3n079R3M3iMKIUrzu-CWMNgtsDM9bSYAaAl6foySQS81DL_mMBuNfedOAnZcQSSjgwjI0S7GIAm4laf7692hfUk2XgqQTS5UpKRMZmsO81_1ErriSNMJI2wjKqW3Q", 9 | "p": "7P97DuHNQ9JWrtSZpIi-0fawFBVy1CpXlVeagF3Nud56VzokBTrNUNxrff04QfgMSH-cK7_DWVptBXZBeUDuxWzj82P1ms_jHNTsG87IPOOm5vWua086cvRK29INH_GHEl7reVL_VTiJlpI9NM-0sSC0DeIo5IfRuCJd9FwAXPs", 10 | "q": "-s_TXd8vASsxcf3VJButhVFo9dEVhGaKH43118DILiS1C5yfyO3z3qZ9SMtgv2L8TV3bHusVk3K35lyT93dS1505Ezh2OIX0r-_Qg23Lwyw5Dhlefty59o-o035JmgyYcHANy-WbHy3VZ3hDi3FFaqX6KvSSlG0wADhBaW687ys", 11 | "dp": "br2GI9MQ1fMP_Atta3tWJsftSMUo7ciHOko_8GFkgshZRC7vq93pGDKWq71Jr1GXc7zlHXAyeKsPLDEwsNbNe0TBUvZPSjJ_ffZkCS5bVFBPqbX89TmFJzfNTt_csCNsqQHfZ8aHdqu_ZrMYlHfFh8qvN5mI4Bgyv6aXXloq9Uc", 12 | "dq": "HsXrECR3FvSev3a-dQy0UJw5fZemxTTzk4WOeWdc6FR2pjMUY8nWVyYkTw8tEq5peHCglv2PCyVTLP-E5CMO1gejXhlaX_sHl6Kb-dQ54PuHEJTKRFR-uKLNuw1OqIkNFxaYisDkNIIiIezelLhUJQ6yUBzr8ywmbJB6bh45Ljs", 13 | "qi": "kAh6uR9qNCv9v-9vrEyqy3dnLVeW5MUtyEH1KLegrsjVlrtBTsMQGSpmXE5oMHvyiqz9e4f0FAQItQjNfIfINMNNFlukmiXFdmqUnKqVGx65cw3Yvzk-KeF8ZiEwQ_QULj7roDOZH8-XbcMjVPCOMEDM2FCMvtIxJqUr4fFJ7_E" 14 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwk_sig_RS256_client1-RS256-pub.json: -------------------------------------------------------------------------------- 1 | { 2 | "use": "sig", 3 | "kty": "RSA", 4 | "kid": "client1-RS256", 5 | 
"alg": "RS256", 6 | "n": "o6Jz6e3tDkfOTuzPlCgK2ljVCVmOdkchusOMFF6DHTsBEv4GWo_ReNV7GggY_0NRUzZWKRDBNe09rBeC5Oc6ympHVD2mozJjfRDj8vpN2f8k2bhI2f6YXy1FMDb83SmfU6AEhmWV_kRAwZS32xExO70lvptjGoINM2YPFkuYVySQ1jeRUSGmC-XIV9-K6-zNhL8QHDTm-5Nza69AehffW2rfuggOoYZ772QxiEOYqdLyNPzegLjIfwXFZdEdRGX6OmNWaCXWzP4oLPut52-HC_2pYmgiixAVkKbIYIgKomzrXMhzi6tutyWMzcW3GPn1OMcWBdXPEebH6Hp-rEJ_7Q", 7 | "e": "AQAB" 8 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwk_sig_RS256_client1-RS256.json: -------------------------------------------------------------------------------- 1 | { 2 | "use": "sig", 3 | "kty": "RSA", 4 | "kid": "client1-RS256", 5 | "alg": "RS256", 6 | "n": "o6Jz6e3tDkfOTuzPlCgK2ljVCVmOdkchusOMFF6DHTsBEv4GWo_ReNV7GggY_0NRUzZWKRDBNe09rBeC5Oc6ympHVD2mozJjfRDj8vpN2f8k2bhI2f6YXy1FMDb83SmfU6AEhmWV_kRAwZS32xExO70lvptjGoINM2YPFkuYVySQ1jeRUSGmC-XIV9-K6-zNhL8QHDTm-5Nza69AehffW2rfuggOoYZ772QxiEOYqdLyNPzegLjIfwXFZdEdRGX6OmNWaCXWzP4oLPut52-HC_2pYmgiixAVkKbIYIgKomzrXMhzi6tutyWMzcW3GPn1OMcWBdXPEebH6Hp-rEJ_7Q", 7 | "e": "AQAB", 8 | "d": "PRzC5a7yRc8Tge53aAG8a-eZSLClwA64ziOSAVl65kPPFuTAQrpLpTE1lHdJvqvJh6ZXb2bOgfFkgw0U2aByGH6wvQl5XqHG_kJ8n5ZT1QKxJI7qxl-LUKB7opImxgJxeq3cgsUVy6x58tI0CCDXnlP58MHftVq0y2lmYRFCh-iLKFUkFkvWznUSh5phg_eniyQrKf64XCTQvEDNTD36uunsYQ5ilKNWsE6smm5c2Uvzw-Rxz8dz8mcD7HiTHCg3zGVFi56ndcFOt2XGrM81g4ZFg5lmYfP3YdPpcq0zFgH6O2dQ9m15Il2DufQab7LZUEby1j0t2IA2WdyFyzSygQ", 9 | "p": "xfKkQoxO_2CIoOoQkAmX7Ieb-ieoirTsZPukdmGJXkq0EpEaxLKywjPKDLxPnIzp5YBHrauP61yO7GSFk8-8JNnRj29aoHBIMYUqBobdOtEeTP_AEqZ7ilmmRq8pHjN6KIInMt5lNAxx0Fj5NiBwVELDhsTSJ6-Coiu1UZaLZDk", 10 | "q": "05-rxyO1sDnclDKkQLon6Mh3p-bOWr1qTM4ounrWzx-knBiKLlSuCZppRMpVDdBBu5X0mQETPKuzPF-BraMRS-_EFjOdSPmswSOGiO9MnXLaPvRYDJg0Dc-WqrUxLWoVhm1V8UCOfG-kfFNqLtjah940uiqMNWcuULlZ86VGAVU", 11 | "dp": 
"QNRvJ7x8QveCx_Dg68u4jib71roWYRdQNOKVwo-_RbqBr3MGqVU9Zo0_p1wlVshv8lJJJ4AA6rytso5ZkUd__zG3iJqXu-QKQO20Dd8tpY3HtsAsT-9mlrE13ACSHuoNICdAX1CnJJzOycXaGPgW0gHrt7_OdGDvD93wzH_Zt0E", 12 | "dq": "HB2TkeKBqgcV8i6EOgFBeiDgHNOCSPXvYILnUFcvoNcAZKix-xPPB4GXSMdk42_uu8Bhfc5xwtbA-l1p-iq3CpKxR43V8LMTK5nPrvO0BxsSOdj2tb2m9MrGpqlp_jGg6HowN9wu0gN3I_llGxI-flycPruWYyXxNlJZzBACK_0", 13 | "qi": "NR0jBrkIFjuKelNRz1ezNzWcmRS1IGH9L_mBKVt8byGqbvY9V5YUL_-eG0XjpOGSRDF7sF7333do24DEIWkTq7GxKJ3mFdzxQkeyF70UvWznaMatcO-9eK6rohd36Eb-KH2NC-0MUFCi9KsOhu341JGL8dL0PBZGk1Cqnc-AiUw" 14 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwk_sig_RS256_client2-RS256-pub.json: -------------------------------------------------------------------------------- 1 | { 2 | "use": "sig", 3 | "kty": "RSA", 4 | "kid": "client2-RS256", 5 | "alg": "RS256", 6 | "n": "74Zcnrnyq-d6NuhVvkqgbK2pqVz5arlap5G1qUx8EJAwaQ5zE6thUgt_vho_VqsdI-AsNq4-QiWvodTfZlQJY1jMsu3BD-TaY00V4qR3mJm4ToIQYpu81e8zAfSJtL_7CksMpjb_o7N6xanaAYqo-CKvhqIBBi_gOCiMWilo2ucbzmBtv5Rmzue0kkbCcj2zG4JBgwHLi-o_m2E4R0eNUrs26lDlrBAR4VR8ZWfwLv2UI7PMOEV1hvCKppD2x_Z-QFmVBaHkM1gXLTlunrkuiK4aJ0CrKpWcVFfgorjYCQYr8esq8OAd3sLf-FxbOuzZ-yIK5uJ83Z_0LsfYfX8g0Q", 7 | "e": "AQAB" 8 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwk_sig_RS256_client2-RS256.json: -------------------------------------------------------------------------------- 1 | { 2 | "use": "sig", 3 | "kty": "RSA", 4 | "kid": "client2-RS256", 5 | "alg": "RS256", 6 | "n": 
"74Zcnrnyq-d6NuhVvkqgbK2pqVz5arlap5G1qUx8EJAwaQ5zE6thUgt_vho_VqsdI-AsNq4-QiWvodTfZlQJY1jMsu3BD-TaY00V4qR3mJm4ToIQYpu81e8zAfSJtL_7CksMpjb_o7N6xanaAYqo-CKvhqIBBi_gOCiMWilo2ucbzmBtv5Rmzue0kkbCcj2zG4JBgwHLi-o_m2E4R0eNUrs26lDlrBAR4VR8ZWfwLv2UI7PMOEV1hvCKppD2x_Z-QFmVBaHkM1gXLTlunrkuiK4aJ0CrKpWcVFfgorjYCQYr8esq8OAd3sLf-FxbOuzZ-yIK5uJ83Z_0LsfYfX8g0Q", 7 | "e": "AQAB", 8 | "d": "5NAH_qFHzywrtfQwpL4Jjog_gUkOAwPaNCWf0oD8K55ygImLKQkYyRWvDF1qkFKaXcEyu3Gsi-gQZZpDZy90YHFd6rfxLEvEzAPBmmbe0OpYBLd_C5QWyo_cvEtsmTykhmq3RLlZcHpuGBFv7vUVASWxY_2y2MQ3f65MlXzla-Ztq25_8l1t1sMzD1ZYTJdc41Bp4Kjk3cdRmI83bhrEMm6ZKiDDXRblQp-LBpvKMD8KDShXXBTU2DXDD4FSDQjkVCQwFsDcTf-Gx-2vUfI-u_dKSmqmLK4yZVf63IpbdggNlp6aTLV9UW9MhiVEx1XBjl_dFw8PIz6g67Z7cjFW2Q", 9 | "p": "9YnJEovIB2oPBFmYV7b5ypzSur33w5CQn4HAYpAaOIFC3th9seaWtMTYzkCRMU9Y5gDw8K4-FgPl-Fp0dZjC0J7A2iJzGH6osqI7w5Pcveh_MMKBAMGgF1ww2iz77hTSyFZ-P3AoTVweUpnjF2G9ozdbWK8ZLvMStQfPsTjeCps", 10 | "q": "-br8PoSiLkqp-9m-bEopwbQGuZelvI1clqN1ijOS5O_AHe-_PdKqEjv5TDn-CcsWLNKIN-BwKfL03qSlbtCaAW-9mJnSMthJBAbhJVkN0RPlQA7ytgza_ks1PwSKGmhhmNoovC_cmYAc-8jEBH1scrfUjVbFzaYxFBfNJeZKkwM", 11 | "dp": "JuOn4TQafnIh5sJ6CoqEjb7A8arc7zCad2kJm5LPVFvEx57qaZ7oB8GVxTUcyf6TSfqkLrqqQrpjVi6de3KyiHBcgzApopuNBJ4FcTieIcYNPx_PZttEC-8iHaw6Sr8pk2l_nXSaLYaFlvegrDdi3dMKuMUi6_i74chW8O7c3Dk", 12 | "dq": "kEggBF7M9MHeg8vB4P7YMTm5yPB8qPtjSwUVm8tAS1TZQnKJo0ZbTD2qQwgeZboYDb11RhM9un7MSvYFPoj28W2FtOzqLMYZKWJwIgvZl7pO8Tuxrsyumc0J7mbJA4jbGlywvElKwsTp-e58kbuFNKJRA3fmwHIMWPeHZyYuX9E", 13 | "qi": "4l60JigLXFOYq6SL42j3voYLdItg2dlz2tlJvrA1vbH-kId6XK4WOKaGGqAZ3FP1OEgXhiuqdTDb1Nrtrvx_lybJzFqdMIu7WDOvx6Ce6O16Tuv-Gi2ftVUME7oFYvcWk4ICXDmStjr1OK4mBbVXw24DPtl3Grc0QyqzsiGcD_4" 14 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwks_sig_ES256_client1-ES256-pub.json: -------------------------------------------------------------------------------- 1 | { 2 | "keys": [ 3 | { 4 | "use": "sig", 5 | "kty": "EC", 6 | "kid": 
"client1-ES256", 7 | "crv": "P-256", 8 | "alg": "ES256", 9 | "x": "KhIuh2un6UWcBCIQqr5s3lSN42mrp5kjdf3JrasR1E4", 10 | "y": "bUIXyjZ6Q7-fLu-mp56OJjEHOAbGd3X30EMhS7SG-Vw" 11 | } 12 | ] 13 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwks_sig_ES256_client1-ES256.json: -------------------------------------------------------------------------------- 1 | { 2 | "keys": [ 3 | { 4 | "use": "sig", 5 | "kty": "EC", 6 | "kid": "client1-ES256", 7 | "crv": "P-256", 8 | "alg": "ES256", 9 | "x": "KhIuh2un6UWcBCIQqr5s3lSN42mrp5kjdf3JrasR1E4", 10 | "y": "bUIXyjZ6Q7-fLu-mp56OJjEHOAbGd3X30EMhS7SG-Vw", 11 | "d": "zngKYq2KBIRGiawAAZQJ0K_ZxL3VyZbOHYScKtrOWX0" 12 | } 13 | ] 14 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwks_sig_ES256_client2-ES256-pub.json: -------------------------------------------------------------------------------- 1 | { 2 | "keys": [ 3 | { 4 | "use": "sig", 5 | "kty": "EC", 6 | "kid": "client2-ES256", 7 | "crv": "P-256", 8 | "alg": "ES256", 9 | "x": "X1K2NP56XffP8ZvkSJiD3ZiaD6A1forvWkZ2AzqbyME", 10 | "y": "S2GQUKAw0gW5kT-lEehLkt02PxA6CukInQhvo1hWcNo" 11 | } 12 | ] 13 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwks_sig_ES256_client2-ES256.json: -------------------------------------------------------------------------------- 1 | { 2 | "keys": [ 3 | { 4 | "use": "sig", 5 | "kty": "EC", 6 | "kid": "client2-ES256", 7 | "crv": "P-256", 8 | "alg": "ES256", 9 | "x": "X1K2NP56XffP8ZvkSJiD3ZiaD6A1forvWkZ2AzqbyME", 10 | "y": "S2GQUKAw0gW5kT-lEehLkt02PxA6CukInQhvo1hWcNo", 11 | "d": "xDb8I6rF-rMPo5MV-rZSZZRwk1-TYJCm6SK4JGeP7Gk" 12 | } 13 | ] 14 | } -------------------------------------------------------------------------------- 
/conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwks_sig_PS256_client1-PS256-pub.json: -------------------------------------------------------------------------------- 1 | { 2 | "keys": [ 3 | { 4 | "use": "sig", 5 | "kty": "RSA", 6 | "kid": "client1-PS256", 7 | "alg": "PS256", 8 | "n": "0J5vAPXfZS755gaBYn2PEakdHLtAmZc0cKA5wTL89V4uz9sdkiub-S91cJUTqfxqFFwFe-acTKW7-HKOusJREq3oWNyv394-2OXSDz15Lso6GEATorSRTWzfqUjogjOOBxrvxrcMyxS2RM_NjaNPw2PDWO6u0_BHPWbzyKdKbzzGsuqpd4bZ85-xzDXhXRe0n23GCnGxpPM0SvsW9CAme23-ET_F6VdfPKkX0GSU_vxdwEwGUrk5sbBmtoLcj-pfpJKaA7ZbtLsngrIVIPRNUdcP3eCPiYHrDltsi1wnWlnRj2OBcqfM6bVOQfIiVLv-UC2PgY9gmzzw-Q86GPBQOw", 9 | "e": "AQAB" 10 | } 11 | ] 12 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwks_sig_PS256_client1-PS256.json: -------------------------------------------------------------------------------- 1 | { 2 | "keys": [ 3 | { 4 | "use": "sig", 5 | "kty": "RSA", 6 | "kid": "client1-PS256", 7 | "alg": "PS256", 8 | "n": "0J5vAPXfZS755gaBYn2PEakdHLtAmZc0cKA5wTL89V4uz9sdkiub-S91cJUTqfxqFFwFe-acTKW7-HKOusJREq3oWNyv394-2OXSDz15Lso6GEATorSRTWzfqUjogjOOBxrvxrcMyxS2RM_NjaNPw2PDWO6u0_BHPWbzyKdKbzzGsuqpd4bZ85-xzDXhXRe0n23GCnGxpPM0SvsW9CAme23-ET_F6VdfPKkX0GSU_vxdwEwGUrk5sbBmtoLcj-pfpJKaA7ZbtLsngrIVIPRNUdcP3eCPiYHrDltsi1wnWlnRj2OBcqfM6bVOQfIiVLv-UC2PgY9gmzzw-Q86GPBQOw", 9 | "e": "AQAB", 10 | "d": "rCYQ83nxHk3laSt1GREDPk-O9maOqC9d1pJhFkw88T0G4_6sKDJUQwwmnQBneZ4Q6zwESnnCAH3C3wGpRfOTcxaO5MU3XETJF7KN5IWVukamKdy2V00pmfp9lfPT6Z0hVjukIRZsOCifP6k6teZNq65nRLuxCLL-Fm0ePjXN9nty_T0XBzNeHs961zxLfc_QQFMJ46ppuLl5nBpmMErNhBwtY30y1s6cXWAhEDRvefYyhOPySCjbmUWSel7swuGxZKQIYkJS1QJ-g_e4DyVgybsY0mbaL2wNnZYW_rkVEtmII9L4tGfzcYBYd7084OXvTlh8YVuJfgxqCrIYlOQQAQ", 11 | "p": "7DcHbBqFXG6UTxX6nfI4KISyhKhAhe47H3QjBRZN03EFR0-Lpx6ncY5kiMMx_8ePPzlO_U8InG6PzhAgZFdtqJYt2lcUL50HnfPWv1KoGFe8bCNp7iYSmKT_0SjFTzBZnmoAoFcbEAzXHggWMnbMrpSLBEH64dF2GqgXXVXGEds", 12 | "q": 
"4hevCO5gcVC4QOZxoapdgvB0AwSiHGZEuAghrYld_6gNl42yMmOsqBhR5XgKSngUv2vrM9NkGXcURVYrcukLKT3bS5yGp5bXzMjEodDijOo33Oxz_uWtcUSH5JpB7BpUS2UuoqnJJA0YnLj_vW7jHczd33__PJ9CQSa5STA--SE", 13 | "dp": "lEuX5U5hGz5w7ZWm2TIP_6APUykuGOcPRxfqRG9UPMJfxf0yd6DPDoOOqi2hXisyy0Z3SKAtj8f5kCyfqV8aARUHhGPW0G2NMqS61TJXRbEPIfS5tEFCu4Ia-HzYIncATGvQKNmGq_TjuH7rMJNUvOWUwP-LOen-c43D3VzUFLE", 14 | "dq": "XSY21i4oC-ee0hZfcKTZPA5HLcsl4x97ZnrrLS0wThl16B_X8AzC4MqMS0dmrgHFQox67fJFBnzaHCsBYamEEKzMgd1uWPO720JISQbfoAELnPjKXZVRHR6IAnZPfK_oVNvOF_Rty22d20wZCXn7FpcGPoPkq5xN1rvWkMHQ4CE", 15 | "qi": "5d84bsBKb6u0YspU9hpc9o8F5PcJxqlwsfyOof80tUwA3NTk985cvaiXM5kQwM21q7bCyMoNfTi681MzlK1gt9GYRAHV4NJhw410mGDdnmGYFtsJwJIZbnwttYJsI0RIrk7Irom8HD2AnTvV5aI05Dxhv_-nCfn-bhy1Qqwce98" 16 | } 17 | ] 18 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwks_sig_PS256_client2-PS256-pub.json: -------------------------------------------------------------------------------- 1 | { 2 | "keys": [ 3 | { 4 | "use": "sig", 5 | "kty": "RSA", 6 | "kid": "client2-PS256", 7 | "alg": "PS256", 8 | "n": "6DHkboNmEegAyz9N6ux6UwEyI7a2pB3Dv-EOalRuvtqhh6jPsUd6TQZk385DzofNgYZaO1kC9wmYqD4mmQO7N6ZMvZQAbMmCat72-vHKxvZYzjcURMHTK-GDtvOUjbXzC3C0yboOS8qnO5etwho5PXETe3xdgjnERSekgAXdqzGxJEKincPWzcpoaPTpWROf4D9wNnS-rgwyd0CKp20NzoByhUtxMOKJn2t6wmBqgp7SEVOOgwRPEKMiD8u14jY-9xNfG3kOdAHMArSFb5HJN6USyFmFXROczEXOwJgvoCkY0p0hg2NCzImkPgbDmdj_otzLGjB9m3gtIoAa7THzKQ", 9 | "e": "AQAB" 10 | } 11 | ] 12 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwks_sig_PS256_client2-PS256.json: -------------------------------------------------------------------------------- 1 | { 2 | "keys": [ 3 | { 4 | "use": "sig", 5 | "kty": "RSA", 6 | "kid": "client2-PS256", 7 | "alg": "PS256", 8 | "n": 
"6DHkboNmEegAyz9N6ux6UwEyI7a2pB3Dv-EOalRuvtqhh6jPsUd6TQZk385DzofNgYZaO1kC9wmYqD4mmQO7N6ZMvZQAbMmCat72-vHKxvZYzjcURMHTK-GDtvOUjbXzC3C0yboOS8qnO5etwho5PXETe3xdgjnERSekgAXdqzGxJEKincPWzcpoaPTpWROf4D9wNnS-rgwyd0CKp20NzoByhUtxMOKJn2t6wmBqgp7SEVOOgwRPEKMiD8u14jY-9xNfG3kOdAHMArSFb5HJN6USyFmFXROczEXOwJgvoCkY0p0hg2NCzImkPgbDmdj_otzLGjB9m3gtIoAa7THzKQ", 9 | "e": "AQAB", 10 | "d": "q9gY_q1iwkfZJpMQYJhpo7rT19im7WlV8VFn8MvSNo_qUlNeew6ydgUQbQ7j4hthvcWoTBoBdsF0aLeuqzo2ueXrD7dUZS7xxZSEZ47Bi2TQrrXW21gzqFs7txAo1oRdfw8HzfBUGkW-ZP1JzMjJqi5gw9h0ACgumRvQxCsTNlmkgKpInsBYqzASeVWFKQ5RTMHGoMoNfPJwgn1LuTi5sPKqT3n079R3M3iMKIUrzu-CWMNgtsDM9bSYAaAl6foySQS81DL_mMBuNfedOAnZcQSSjgwjI0S7GIAm4laf7692hfUk2XgqQTS5UpKRMZmsO81_1ErriSNMJI2wjKqW3Q", 11 | "p": "7P97DuHNQ9JWrtSZpIi-0fawFBVy1CpXlVeagF3Nud56VzokBTrNUNxrff04QfgMSH-cK7_DWVptBXZBeUDuxWzj82P1ms_jHNTsG87IPOOm5vWua086cvRK29INH_GHEl7reVL_VTiJlpI9NM-0sSC0DeIo5IfRuCJd9FwAXPs", 12 | "q": "-s_TXd8vASsxcf3VJButhVFo9dEVhGaKH43118DILiS1C5yfyO3z3qZ9SMtgv2L8TV3bHusVk3K35lyT93dS1505Ezh2OIX0r-_Qg23Lwyw5Dhlefty59o-o035JmgyYcHANy-WbHy3VZ3hDi3FFaqX6KvSSlG0wADhBaW687ys", 13 | "dp": "br2GI9MQ1fMP_Atta3tWJsftSMUo7ciHOko_8GFkgshZRC7vq93pGDKWq71Jr1GXc7zlHXAyeKsPLDEwsNbNe0TBUvZPSjJ_ffZkCS5bVFBPqbX89TmFJzfNTt_csCNsqQHfZ8aHdqu_ZrMYlHfFh8qvN5mI4Bgyv6aXXloq9Uc", 14 | "dq": "HsXrECR3FvSev3a-dQy0UJw5fZemxTTzk4WOeWdc6FR2pjMUY8nWVyYkTw8tEq5peHCglv2PCyVTLP-E5CMO1gejXhlaX_sHl6Kb-dQ54PuHEJTKRFR-uKLNuw1OqIkNFxaYisDkNIIiIezelLhUJQ6yUBzr8ywmbJB6bh45Ljs", 15 | "qi": "kAh6uR9qNCv9v-9vrEyqy3dnLVeW5MUtyEH1KLegrsjVlrtBTsMQGSpmXE5oMHvyiqz9e4f0FAQItQjNfIfINMNNFlukmiXFdmqUnKqVGx65cw3Yvzk-KeF8ZiEwQ_QULj7roDOZH8-XbcMjVPCOMEDM2FCMvtIxJqUr4fFJ7_E" 16 | } 17 | ] 18 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwks_sig_RS256_client1-RS256-pub.json: -------------------------------------------------------------------------------- 1 | { 2 | "keys": [ 3 | { 4 | "use": "sig", 5 | "kty": 
"RSA", 6 | "kid": "client1-RS256", 7 | "alg": "RS256", 8 | "n": "o6Jz6e3tDkfOTuzPlCgK2ljVCVmOdkchusOMFF6DHTsBEv4GWo_ReNV7GggY_0NRUzZWKRDBNe09rBeC5Oc6ympHVD2mozJjfRDj8vpN2f8k2bhI2f6YXy1FMDb83SmfU6AEhmWV_kRAwZS32xExO70lvptjGoINM2YPFkuYVySQ1jeRUSGmC-XIV9-K6-zNhL8QHDTm-5Nza69AehffW2rfuggOoYZ772QxiEOYqdLyNPzegLjIfwXFZdEdRGX6OmNWaCXWzP4oLPut52-HC_2pYmgiixAVkKbIYIgKomzrXMhzi6tutyWMzcW3GPn1OMcWBdXPEebH6Hp-rEJ_7Q", 9 | "e": "AQAB" 10 | } 11 | ] 12 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwks_sig_RS256_client1-RS256.json: -------------------------------------------------------------------------------- 1 | { 2 | "keys": [ 3 | { 4 | "use": "sig", 5 | "kty": "RSA", 6 | "kid": "client1-RS256", 7 | "alg": "RS256", 8 | "n": "o6Jz6e3tDkfOTuzPlCgK2ljVCVmOdkchusOMFF6DHTsBEv4GWo_ReNV7GggY_0NRUzZWKRDBNe09rBeC5Oc6ympHVD2mozJjfRDj8vpN2f8k2bhI2f6YXy1FMDb83SmfU6AEhmWV_kRAwZS32xExO70lvptjGoINM2YPFkuYVySQ1jeRUSGmC-XIV9-K6-zNhL8QHDTm-5Nza69AehffW2rfuggOoYZ772QxiEOYqdLyNPzegLjIfwXFZdEdRGX6OmNWaCXWzP4oLPut52-HC_2pYmgiixAVkKbIYIgKomzrXMhzi6tutyWMzcW3GPn1OMcWBdXPEebH6Hp-rEJ_7Q", 9 | "e": "AQAB", 10 | "d": "PRzC5a7yRc8Tge53aAG8a-eZSLClwA64ziOSAVl65kPPFuTAQrpLpTE1lHdJvqvJh6ZXb2bOgfFkgw0U2aByGH6wvQl5XqHG_kJ8n5ZT1QKxJI7qxl-LUKB7opImxgJxeq3cgsUVy6x58tI0CCDXnlP58MHftVq0y2lmYRFCh-iLKFUkFkvWznUSh5phg_eniyQrKf64XCTQvEDNTD36uunsYQ5ilKNWsE6smm5c2Uvzw-Rxz8dz8mcD7HiTHCg3zGVFi56ndcFOt2XGrM81g4ZFg5lmYfP3YdPpcq0zFgH6O2dQ9m15Il2DufQab7LZUEby1j0t2IA2WdyFyzSygQ", 11 | "p": "xfKkQoxO_2CIoOoQkAmX7Ieb-ieoirTsZPukdmGJXkq0EpEaxLKywjPKDLxPnIzp5YBHrauP61yO7GSFk8-8JNnRj29aoHBIMYUqBobdOtEeTP_AEqZ7ilmmRq8pHjN6KIInMt5lNAxx0Fj5NiBwVELDhsTSJ6-Coiu1UZaLZDk", 12 | "q": "05-rxyO1sDnclDKkQLon6Mh3p-bOWr1qTM4ounrWzx-knBiKLlSuCZppRMpVDdBBu5X0mQETPKuzPF-BraMRS-_EFjOdSPmswSOGiO9MnXLaPvRYDJg0Dc-WqrUxLWoVhm1V8UCOfG-kfFNqLtjah940uiqMNWcuULlZ86VGAVU", 13 | "dp": 
"QNRvJ7x8QveCx_Dg68u4jib71roWYRdQNOKVwo-_RbqBr3MGqVU9Zo0_p1wlVshv8lJJJ4AA6rytso5ZkUd__zG3iJqXu-QKQO20Dd8tpY3HtsAsT-9mlrE13ACSHuoNICdAX1CnJJzOycXaGPgW0gHrt7_OdGDvD93wzH_Zt0E", 14 | "dq": "HB2TkeKBqgcV8i6EOgFBeiDgHNOCSPXvYILnUFcvoNcAZKix-xPPB4GXSMdk42_uu8Bhfc5xwtbA-l1p-iq3CpKxR43V8LMTK5nPrvO0BxsSOdj2tb2m9MrGpqlp_jGg6HowN9wu0gN3I_llGxI-flycPruWYyXxNlJZzBACK_0", 15 | "qi": "NR0jBrkIFjuKelNRz1ezNzWcmRS1IGH9L_mBKVt8byGqbvY9V5YUL_-eG0XjpOGSRDF7sF7333do24DEIWkTq7GxKJ3mFdzxQkeyF70UvWznaMatcO-9eK6rohd36Eb-KH2NC-0MUFCi9KsOhu341JGL8dL0PBZGk1Cqnc-AiUw" 16 | } 17 | ] 18 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwks_sig_RS256_client2-RS256-pub.json: -------------------------------------------------------------------------------- 1 | { 2 | "keys": [ 3 | { 4 | "use": "sig", 5 | "kty": "RSA", 6 | "kid": "client2-RS256", 7 | "alg": "RS256", 8 | "n": "74Zcnrnyq-d6NuhVvkqgbK2pqVz5arlap5G1qUx8EJAwaQ5zE6thUgt_vho_VqsdI-AsNq4-QiWvodTfZlQJY1jMsu3BD-TaY00V4qR3mJm4ToIQYpu81e8zAfSJtL_7CksMpjb_o7N6xanaAYqo-CKvhqIBBi_gOCiMWilo2ucbzmBtv5Rmzue0kkbCcj2zG4JBgwHLi-o_m2E4R0eNUrs26lDlrBAR4VR8ZWfwLv2UI7PMOEV1hvCKppD2x_Z-QFmVBaHkM1gXLTlunrkuiK4aJ0CrKpWcVFfgorjYCQYr8esq8OAd3sLf-FxbOuzZ-yIK5uJ83Z_0LsfYfX8g0Q", 9 | "e": "AQAB" 10 | } 11 | ] 12 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/jwks_sig_RS256_client2-RS256.json: -------------------------------------------------------------------------------- 1 | { 2 | "keys": [ 3 | { 4 | "use": "sig", 5 | "kty": "RSA", 6 | "kid": "client2-RS256", 7 | "alg": "RS256", 8 | "n": 
"74Zcnrnyq-d6NuhVvkqgbK2pqVz5arlap5G1qUx8EJAwaQ5zE6thUgt_vho_VqsdI-AsNq4-QiWvodTfZlQJY1jMsu3BD-TaY00V4qR3mJm4ToIQYpu81e8zAfSJtL_7CksMpjb_o7N6xanaAYqo-CKvhqIBBi_gOCiMWilo2ucbzmBtv5Rmzue0kkbCcj2zG4JBgwHLi-o_m2E4R0eNUrs26lDlrBAR4VR8ZWfwLv2UI7PMOEV1hvCKppD2x_Z-QFmVBaHkM1gXLTlunrkuiK4aJ0CrKpWcVFfgorjYCQYr8esq8OAd3sLf-FxbOuzZ-yIK5uJ83Z_0LsfYfX8g0Q", 9 | "e": "AQAB", 10 | "d": "5NAH_qFHzywrtfQwpL4Jjog_gUkOAwPaNCWf0oD8K55ygImLKQkYyRWvDF1qkFKaXcEyu3Gsi-gQZZpDZy90YHFd6rfxLEvEzAPBmmbe0OpYBLd_C5QWyo_cvEtsmTykhmq3RLlZcHpuGBFv7vUVASWxY_2y2MQ3f65MlXzla-Ztq25_8l1t1sMzD1ZYTJdc41Bp4Kjk3cdRmI83bhrEMm6ZKiDDXRblQp-LBpvKMD8KDShXXBTU2DXDD4FSDQjkVCQwFsDcTf-Gx-2vUfI-u_dKSmqmLK4yZVf63IpbdggNlp6aTLV9UW9MhiVEx1XBjl_dFw8PIz6g67Z7cjFW2Q", 11 | "p": "9YnJEovIB2oPBFmYV7b5ypzSur33w5CQn4HAYpAaOIFC3th9seaWtMTYzkCRMU9Y5gDw8K4-FgPl-Fp0dZjC0J7A2iJzGH6osqI7w5Pcveh_MMKBAMGgF1ww2iz77hTSyFZ-P3AoTVweUpnjF2G9ozdbWK8ZLvMStQfPsTjeCps", 12 | "q": "-br8PoSiLkqp-9m-bEopwbQGuZelvI1clqN1ijOS5O_AHe-_PdKqEjv5TDn-CcsWLNKIN-BwKfL03qSlbtCaAW-9mJnSMthJBAbhJVkN0RPlQA7ytgza_ks1PwSKGmhhmNoovC_cmYAc-8jEBH1scrfUjVbFzaYxFBfNJeZKkwM", 13 | "dp": "JuOn4TQafnIh5sJ6CoqEjb7A8arc7zCad2kJm5LPVFvEx57qaZ7oB8GVxTUcyf6TSfqkLrqqQrpjVi6de3KyiHBcgzApopuNBJ4FcTieIcYNPx_PZttEC-8iHaw6Sr8pk2l_nXSaLYaFlvegrDdi3dMKuMUi6_i74chW8O7c3Dk", 14 | "dq": "kEggBF7M9MHeg8vB4P7YMTm5yPB8qPtjSwUVm8tAS1TZQnKJo0ZbTD2qQwgeZboYDb11RhM9un7MSvYFPoj28W2FtOzqLMYZKWJwIgvZl7pO8Tuxrsyumc0J7mbJA4jbGlywvElKwsTp-e58kbuFNKJRA3fmwHIMWPeHZyYuX9E", 15 | "qi": "4l60JigLXFOYq6SL42j3voYLdItg2dlz2tlJvrA1vbH-kId6XK4WOKaGGqAZ3FP1OEgXhiuqdTDb1Nrtrvx_lybJzFqdMIu7WDOvx6Ce6O16Tuv-Gi2ftVUME7oFYvcWk4ICXDmStjr1OK4mBbVXw24DPtl3Grc0QyqzsiGcD_4" 16 | } 17 | ] 18 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/entities/client_private_keys/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/json" 5 | "flag" 6 | "io/ioutil" 7 | 
"log" 8 | "net/http" 9 | "strings" 10 | ) 11 | 12 | type JWKS struct { 13 | Keys []json.RawMessage `json:"keys"` 14 | } 15 | 16 | type PubKey struct { 17 | KID string `json:"kid"` 18 | } 19 | 20 | func createJWKS(dir string) ([]json.RawMessage, error) { 21 | files, err := ioutil.ReadDir(dir) 22 | if err != nil { 23 | panic(err) 24 | } 25 | 26 | jwks := []json.RawMessage{} 27 | 28 | for _, file := range files { 29 | n := file.Name() 30 | if !file.IsDir() && strings.HasPrefix(n, "jwk_") && strings.HasSuffix(n, "-pub.json") { 31 | log.Printf("Read jwk: %s", n) 32 | b, err := ioutil.ReadFile(dir + "/" + n) 33 | if err != nil { 34 | return nil, err 35 | } 36 | jwks = append(jwks, b) 37 | 38 | var pubKeys PubKey 39 | if err := json.Unmarshal(b, &pubKeys); err != nil { 40 | log.Fatal(err) 41 | } 42 | keyMaps[pubKeys.KID] = b 43 | 44 | } 45 | 46 | } 47 | 48 | return jwks, nil 49 | } 50 | 51 | func jwksHandler(w http.ResponseWriter, r *http.Request) { 52 | kid := r.URL.Query().Get("kid") 53 | clientKeys := []json.RawMessage{keyMaps[kid]} 54 | kidEnc := r.URL.Query().Get("kid_enc") 55 | if kidEnc != "" { 56 | clientKeys = append(clientKeys, keyMaps[kidEnc]) 57 | } 58 | clientJwks := JWKS{Keys: clientKeys} 59 | k, err := json.Marshal(clientJwks) 60 | if err != nil { 61 | log.Printf("Failed to marshal jwks. err: %v", err) 62 | http.Error(w, err.Error(), http.StatusInternalServerError) 63 | return 64 | } 65 | 66 | w.Header().Set("Content-Type", "application/json; charset=UTF-8") 67 | w.Write(k) 68 | } 69 | 70 | var keys []json.RawMessage 71 | 72 | var keyMaps = make(map[string]json.RawMessage) 73 | 74 | func main() { 75 | flag.Parse() 76 | dir := flag.Arg(0) 77 | if dir == "" { 78 | log.Fatalf("Need directory path.") 79 | } 80 | 81 | var err error 82 | keys, err = createJWKS(dir) 83 | if err != nil { 84 | log.Fatalf("Failed to setup jwks. 
err: %v", err) 85 | } 86 | 87 | http.HandleFunc("/", jwksHandler) 88 | http.ListenAndServe(":3000", nil) 89 | } 90 | -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/keycloak/.gitignore: -------------------------------------------------------------------------------- 1 | #server.pem 2 | #client-ca.pem 3 | -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/keycloak/Dockerfile: -------------------------------------------------------------------------------- 1 | ARG KEYCLOAK_BASE_IMAGE 2 | 3 | FROM registry.access.redhat.com/ubi9 AS ubi-micro-build 4 | RUN mkdir -p /mnt/rootfs 5 | RUN dnf install --installroot /mnt/rootfs curl --releasever 9 --setopt install_weak_deps=false --nodocs -y; dnf --installroot /mnt/rootfs clean all 6 | 7 | FROM ${KEYCLOAK_BASE_IMAGE} 8 | 9 | COPY --from=ubi-micro-build /mnt/rootfs / 10 | 11 | # https://datatracker.ietf.org/doc/html/rfc9325.html#section-4.2 12 | ENV KC_HTTPS_PROTOCOLS=TLSv1.2 13 | ENV KC_HTTPS_CIPHER_SUITES=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 14 | ENV KC_HTTPS_PORT=9443 15 | 16 | USER root 17 | 18 | # Add certificates 19 | COPY server.pem /etc/x509/https/server.crt 20 | COPY client-ca.pem /etc/x509/https/client-ca.crt 21 | 22 | RUN \ 23 | echo "Importing certificates into truststore" && \ 24 | keytool -import -cacerts -storepass changeit -noprompt -file /etc/x509/https/server.crt -alias myservercrt && \ 25 | keytool -import -cacerts -storepass changeit -noprompt -file /etc/x509/https/client-ca.crt -alias myclientcacrt && \ 26 | echo "Certificates imported" 27 | 28 | 29 | # Custom SPIs 30 | COPY ${KEYCLOAK_SPI_0} /opt/keycloak/providers/ 31 | 32 | # Custom OIDC metadata 33 | COPY oidf.json /opt/keycloak/conf 34 | 35 | # SPI Customizations 36 | COPY 
keycloak-custom.properties /opt/keycloak/conf 37 | RUN cat /opt/keycloak/conf/keycloak-custom.properties >> /opt/keycloak/conf/keycloak.conf 38 | 39 | USER 1001 40 | -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/keycloak/client-ca.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICUzCCAfqgAwIBAgIUNg8NuXKnUtN9C0UkBm9I2PUm5sswCgYIKoZIzj0EAwIw 3 | djELMAkGA1UEBhMCSlAxEzARBgNVBAgTClByaXZhdGUgQ0ExFzAVBgNVBAoTDlNl 4 | Y3VyZSBPU1MgU2lnMRYwFAYDVQQLEw1LZXljbG9hay1mYXBpMSEwHwYDVQQDExhL 5 | ZXljbG9hay1mYXBpIFByaXZhdGUgQ0EwHhcNMjQwNjA1MTAyNzAwWhcNMjkwNjA0 6 | MTAyNzAwWjB2MQswCQYDVQQGEwJKUDETMBEGA1UECBMKUHJpdmF0ZSBDQTEXMBUG 7 | A1UEChMOU2VjdXJlIE9TUyBTaWcxFjAUBgNVBAsTDUtleWNsb2FrLWZhcGkxITAf 8 | BgNVBAMTGEtleWNsb2FrLWZhcGkgUHJpdmF0ZSBDQTBZMBMGByqGSM49AgEGCCqG 9 | SM49AwEHA0IABLkAtO5vI7BQ0RUbydagPeNDP7PB+lcCbp/l+/qOEKTVa0lqw362 10 | Zl47lqPgjKdtVvJ1clvOTpzFp3KONSJWy7qjZjBkMA4GA1UdDwEB/wQEAwIBBjAS 11 | BgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBRZtMPo5MtW7lx9atG6OgKDKiPz 12 | GjAfBgNVHSMEGDAWgBRZtMPo5MtW7lx9atG6OgKDKiPzGjAKBggqhkjOPQQDAgNH 13 | ADBEAiBK4fzc7+ICPQbrHIPF5eCSDY9it1hHF9/GNW5Mi0LLsQIgcE+zJlYFS98K 14 | hJHDOlOd0JLeqJExAujVGd6u8XFc7z8= 15 | -----END CERTIFICATE----- 16 | -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/keycloak/custom-spi.txt: -------------------------------------------------------------------------------- 1 | # placeholder for deploying a custom keycloak SPI 2 | -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/keycloak/keycloak-custom.properties: -------------------------------------------------------------------------------- 1 | spi-well-known-openid-configuration-openid-configuration-override=${kc.home.dir}/conf/oidf.json 2 | 
spi-well-known-openid-configuration-include-client-scopes=true 3 | 4 | spi-ciba-auth-channel-ciba-http-auth-channel-http-authentication-channel-uri=http://auth_entity_server:3001/ 5 | 6 | # The latest conformance site (v5.1.31) has not yet updated some conformance tests to reflect the OIDC specification bug fix. 7 | # Keycloak 26.2 already adopted that fix, which is a breaking change. 8 | # For backward compatibility, Keycloak kept an option that restores the previous behaviour (now considered not secure). 9 | # That option is enabled below so that the conformance tests pass; it makes Keycloak accept client-authentication JWTs that carry more than one audience, so it is meant for this test environment only. 10 | # Please remove this setting once the conformance suite has fixed the affected conformance tests. 11 | # 12 | # OpenID Foundation: Notice of a Security Vulnerability 13 | # https://openid.net/notice-of-a-security-vulnerability/ 14 | # CVE: CVE-2025-27370 for OpenID Foundation private_key_jwt as defined in OpenID Connect 15 | # https://www.cve.org/CVERecord?id=CVE-2025-27370 16 | # CVE: CVE-2025-27371 for IETF OAuth2 JWT client authentication assertions as defined in RFC 7521/7523 17 | # https://www.cve.org/CVERecord?id=CVE-2025-27371 18 | # OpenID Connect Core 1.0 - draft 36 incorporating errata set 3 19 | # https://openid.net/specs/openid-connect-core-1_0-36.html#rfc.section.9 20 | # Keycloak 26.2 release notes: JWT Client authentication aligned with the latest OIDC specification 21 | # https://www.keycloak.org/2025/04/keycloak-2620-released.html 22 | # Keycloak upgrade guide 23 | # https://www.keycloak.org/docs/latest/upgrading/index.html#jwt-client-authentication-aligned-with-the-latest-oidc-specification 24 | # Issue: Make sure that there is single audience allowed by default in JWT tokens sent to client authentication 25 | # https://github.com/keycloak/keycloak/issues/38819 26 | # PR: 27 | # https://github.com/keycloak/keycloak/pull/38830 28 | # 29 | # Comment out the following line only when running the FAPI 2.0 Final conformance tests. 30 | 
spi-login-protocol-openid-connect-allow-multiple-audiences-for-jwt-client-authentication=true -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/keycloak/oidf.json: -------------------------------------------------------------------------------- 1 | { 2 | "acr_values_supported": [ "urn:brasil:openinsurance:loa2", "urn:brasil:openbanking:loa2", "urn:brasil:openbanking:loa3", "urn:mace:incommon:iap:silver", "urn:cds.au:cdr:2" ], 3 | "claims_supported":[ "aud", "sub", "iss", "auth_time", "name", "given_name", "family_name", "preferred_username", "email", "acr", "cpf", "cnpj", "sharing_duration", "openbanking_intent_id" ] 4 | } -------------------------------------------------------------------------------- /conformance-tests-env/test-target/keycloak/keycloak/server.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEezCCA2OgAwIBAgIUKEdhdk+wy/Or1WcG3YA0u0wR8ngwDQYJKoZIhvcNAQEL 3 | BQAwZjELMAkGA1UEBhMCSlAxCzAJBgNVBAgTAkNBMRcwFQYDVQQKEw5TZWN1cmUg 4 | T1NTIFNpZzEWMBQGA1UECxMNS2V5Y2xvYWstZmFwaTEZMBcGA1UEAxMQS2V5Y2xv 5 | YWstZmFwaSBDQTAeFw0yMTA3MjgwODIyMDBaFw0yNjA3MjcwODIyMDBaMGYxCzAJ 6 | BgNVBAYTAkpQMQ8wDQYDVQQIEwZTZXJ2ZXIxFzAVBgNVBAoTDlNlY3VyZSBPU1Mg 7 | U2lnMRYwFAYDVQQLEw1LZXljbG9hay1mYXBpMRUwEwYDVQQDEwxzZWN1cmVvc3Mu 8 | anAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBZP/Ss/JoFi6IhwuY 9 | FluyC2ik1o8IAnUPI7OjgS0GxRjZhizKpaRKGnog2CVCVB0mPOXBP8JwUfufZWh0 10 | 63Uc3pMx53tNVAPb0sF9l3Ni9nCL8gkRZFM2ZZerYl6N53mCPmlYY296kgy2Ky/P 11 | 8P1mT4mOK4RfGmTqBwA0ot4k9kAkg53Q0MbfQ2ml0gvNY5mQ9qCBhtJuq6enkNv5 12 | TLgHE9k/w4Pgv5Nf5swwA4AxiPRo9pTux4NKKvgcZYpfYMcsBXC81sZovNye3u6n 13 | Jvb0ORl/vQXxWdEVl5+0QwamvC0JJIMatny5hchDrP41NyZLmjzzdQ5Ygqo8B0DM 14 | clNVAgMBAAGjggEfMIIBGzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB 15 | BQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUi8L29oMMwHMjorF+gLJxbp7h 16 | 
uKkwHwYDVR0jBBgwFoAUPTNOa4lBTtovzHjqPieuioFEcH8wgaUGA1UdEQSBnTCB 17 | moIJbG9jYWxob3N0gg4qLnNlY3VyZW9zcy5qcIIMa2V5Y2xvYWsub3Jngg4qLmtl 18 | eWNsb2FrLm9yZ4IIKi5uaXAuaW+CFGFzLmtleWNsb2FrLWZhcGkub3JnghRycy5r 19 | ZXljbG9hay1mYXBpLm9yZ4IjY29uZm9ybWFuY2Utc3VpdGUua2V5Y2xvYWstZmFw 20 | aS5vcmeHBH8AAAEwDQYJKoZIhvcNAQELBQADggEBAKsjh2OrQSYIxuljOUI5S5yO 21 | p0anH7++Hg5/CWpDxNqTx6RfzT15kFI3+h2X4aNjVPZgxUcNk0CRMNIbaIV6LDXm 22 | KnmXB6b0QtNIeeTApbheYAohZ/DsoVdGcNYDZHflunuzbHe14cM+lvdrboXNEt9N 23 | aas5gh4ozFaKRI5tFJVmeuwu6+lpk3SqUIfrl/2VMNDFXURoUv39IPhqLbMxERWY 24 | nvaMlbC1SkBvGkVvkfwfNzearS2BFwZuXrmy5OZn3PbJoULeBYZbysMiJ7OIVlDF 25 | WSPxcRNqFGx2jTA6d5pH1fZOiQkp1c/WRLHwLPs6c9k4PbbSCBUB1efKSfUP2VY= 26 | -----END CERTIFICATE----- 27 | -------------------------------------------------------------------------------- /conformance-tests-env/utils/generate-all.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # ARG1: Alias of FAPI Conformance suite server config 4 | # ARG2: Hostname of FAPI Conformance suite server 5 | # ARG3: Hostname of Keycloak server 6 | # ARG4: Hostname of Resource server 7 | # ARG5: Realm name 8 | # ARG6: Scope 9 | FCSS_ALIAS=${1:-keycloak} 10 | FCSS_HOST=${2:-conformance-suite.keycloak-fapi.org} 11 | KC_HOST=${3:-as.keycloak-fapi.org} 12 | RS_HOST=${4:-rs.keycloak-fapi.org} 13 | REALM=${5:-test} 14 | SCOPE=${6:-openid} 15 | 16 | DIR=$(cd $(dirname $0); pwd) 17 | cd $DIR 18 | 19 | ./https/generate-server.sh $KC_HOST $RS_HOST 20 | ./https/generate-clients.sh 21 | ./client_private_keys/generate-keys.sh 22 | ./keycloak/generate-realm.sh $FCSS_HOST $FCSS_ALIAS $REALM 23 | ./fapi-conformance-suite-configs/generate-fapi-conformance-suite-configs.sh $KC_HOST $RS_HOST $FCSS_ALIAS $REALM $SCOPE 24 | -------------------------------------------------------------------------------- /conformance-tests-env/utils/setup-fqdn.sh: -------------------------------------------------------------------------------- 1 | 
#!/bin/sh 2 | 3 | # ARG1: Hostname of FAPI Conformance suite server 4 | # ARG2: Hostname of Keycloak server 5 | # ARG3: Hostname of Resource server 6 | # ARG4: Hostname of Consent server (FAPI-BR) 7 | # ARG5: Hostname of Authentication Entity server (FAPI-CIBA) 8 | CONFORMANCE_SUITE_FQDN=${1:-conformance-suite.keycloak-fapi.org} 9 | KEYCLOAK_FQDN=${2:-as.keycloak-fapi.org} 10 | RESOURCE_FQDN=${3:-rs.keycloak-fapi.org} 11 | CONSENT_FQDN=${4:-cs.keycloak-fapi.org} 12 | AUTH_ENTITY_FQDN=${5:-aes.keycloak-fapi.org} 13 | 14 | DIR=$(cd $(dirname $0); pwd) 15 | cd $DIR 16 | 17 | ../common/https/generate-server.sh $KEYCLOAK_FQDN $RESOURCE_FQDN $CONSENT_FQDN $AUTH_ENTITY_FQDN 18 | ../test-target/keycloak/keycloak/generate-realm.sh $CONFORMANCE_SUITE_FQDN 19 | ../conformance-suite/fapi-conformance-suite-configs/generate-fapi-conformance-suite-configs.sh $KEYCLOAK_FQDN $RESOURCE_FQDN 20 | 21 | -------------------------------------------------------------------------------- /members.adoc: -------------------------------------------------------------------------------- 1 | Below is the list of OAuth SIG (Ex FAPI-SIG) members 2 | 3 | If you think some information is outdated, either provide a pull request or send an email to the `keycloak-dev` mailing list. 
4 | 5 | [cols=2*,options="header"] 6 | |=== 7 | |Company 8 | |Names 9 | 10 | |Adorsys 11 | |https://github.com/andriimurashkin[Andrii Murashkin], https://github.com/DmitryMishchuk[Dmytro Mishchuk], Dmytro Storozhyk, https://github.com/francis-pouatcha[Francis Pouatcha], https://github.com/HryhoriiHevorkian[Hryhorii], https://github.com/valb3r[Valentyn Berezin], https://github.com/guymoyo[Guy Moyo] 12 | 13 | |ANS 14 | |Charlène Sophie, Arnaud Bourhis 15 | 16 | |Backbase 17 | |Etienne Koekemoer, Gareth Filer, Jonathan Meyler 18 | 19 | |BANFICO 20 | |https://github.com/arunganesh-a[Arun Ganesh], https://github.com/kannan-ra[Kannan Rasappan], https://github.com/pritish-nitb[Pritish Joshi], https://github.com/ansari-haseb[Haseb Ansari] 21 | 22 | |Citi 23 | |Vinod Anandan 24 | 25 | |Hitachi 26 | |Yuichi Nakamura, https://github.com/tnorimat[Takashi Norimatsu] as Tech Lead 27 | 28 | |Independent 29 | |Vishnu Prakash, Gilbert Fernandes 30 | 31 | |Integral Technology Solutions 32 | |https://github.com/brothwellIntegral[Brendan Rothwell], Cameron Locke 33 | 34 | |Nomura Research Institute 35 | |https://github.com/wadahiro[Hiroyuki Wada] 36 | 37 | |Red Hat 38 | |https://github.com/akoserwal[Abhishek Koserwal], Boleslaw Dawidowicz, https://github.com/mposolda[Marek Posolda], https://github.com/stianst[Stian Thorgersen] 39 | 40 | |Temenos 41 | |James Holland 42 | 43 | |Identity Tailor GmbH 44 | |https://github.com/thomasdarimont[Thomas Darimont] 45 | 46 | |=== 47 | --------------------------------------------------------------------------------