I am working on getting keycloak to work with a FIPS certified library. While the changes in the core functionality are fairly small, the integration tests have required extensive changes, to handle specific needs around keystore format, key length, algorithms etc.
I wish to contribute my changes to KC, but I am not sure how to go about this. The options I have considered are
a. Maintain a fork and keep merging from upstream
b. Contribute incrementally to KC with a fips profile that keeps a common code base for FIPS and regular KC
Any suggestions and alternatives are highly welcome