Keycloak with FIPS 140-2

I am working on getting keycloak to work with a FIPS certified library. While the changes in the core functionality are fairly small, the integration tests have required extensive changes, to handle specific needs around keystore format, key length, algorithms etc.

I wish to contribute my changes to KC, but I am not sure how to go about this. The options I have considered are
a. Maintain a fork and keep merging from upstream
b. Contribute incrementally to KC with a fips profile that keeps a common code base for FIPS and regular KC

Any suggestions and alternatives are highly welcome

1 Like

Requirements for contributing are posted here:

Good first step is to join the keycloak-dev mailing list and make a proposal there: