Looking at the KcSamlSignedBrokerTest in the Arquillian tests and running into an issue. Using BCFIPS 1.0.2 libraries.
FIPS doesn't allow the same RSA key to be used for encrypt/decrypt as well as signing. I'm getting errors telling me so. Specifically, "Attempt to sign/verify with RSA modulus already used for encrypt/decrypt."
My theory is that the broker uses its private key to decrypt requests from the client and uses it again to sign requests to the IdP. So the key in the broker is used for both encryption and signature.
Current idea is to generate separate keys for the encryption and signing portions, but struggling to find where in the execution of these tests those respective parts are happening. I get lost in the monolith.
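What the "separate keys" idea looks like in plain JCA code, as an added illustration that is not from the post or from Keycloak: one RSA modulus is used only for decrypt, a second one only for sign, so the BCFIPS reuse check never fires. The provider name and the OAEP transformation string are assumptions for bc-fips 1.0.2, and the payload is encrypted directly for brevity (real SAML encryption wraps a symmetric key).

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.Cipher;
import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;

public class SeparateRsaKeys {
    // Assumed identifiers for bc-fips 1.0.2; adjust to the build on the classpath.
    static final String PROVIDER = "BCFIPS";
    static final String SIG_ALG = "SHA256withRSA";
    static final String ENC_ALG = "RSA/NONE/OAEPwithSHA256andMGF1Padding";

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleFipsProvider());

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", PROVIDER);
        kpg.initialize(3072);
        // Two independent pairs: one modulus only ever signs/verifies,
        // the other only ever encrypts/decrypts.
        KeyPair signingPair = kpg.generateKeyPair();
        KeyPair encryptionPair = kpg.generateKeyPair();

        // Constructed sample payload standing in for a SAML request.
        byte[] request = "constructed sample SAML request".getBytes(StandardCharsets.UTF_8);

        // Client side: encrypt to the broker's encryption public key.
        Cipher enc = Cipher.getInstance(ENC_ALG, PROVIDER);
        enc.init(Cipher.ENCRYPT_MODE, encryptionPair.getPublic());
        byte[] ciphertext = enc.doFinal(request);

        // Broker side: decrypt with the encryption private key ...
        Cipher dec = Cipher.getInstance(ENC_ALG, PROVIDER);
        dec.init(Cipher.DECRYPT_MODE, encryptionPair.getPrivate());
        byte[] plaintext = dec.doFinal(ciphertext);

        // ... then sign the outgoing request with the separate signing private key.
        Signature signer = Signature.getInstance(SIG_ALG, PROVIDER);
        signer.initSign(signingPair.getPrivate());
        signer.update(plaintext);
        byte[] signature = signer.sign();

        // IdP side: verify with the signing public key.
        Signature verifier = Signature.getInstance(SIG_ALG, PROVIDER);
        verifier.initVerify(signingPair.getPublic());
        verifier.update(plaintext);

        System.out.println("decrypted OK: " + java.util.Arrays.equals(request, plaintext));
        System.out.println("signature OK: " + verifier.verify(signature));
    }
}
```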