Red Hat SummitChapter 13. Specifications implemented
List of specifications and standards implemented by Red Hat build of Keycloak.
This chapter presents a list of specifications and standards that Red Hat build of Keycloak currently implements. The standards are separated in different sections and, in each one, a table is shown with the following four columns:
- Specification: The standard or specification that Red Hat build of Keycloak implements.
- Status: The current status of the implementation inside Red Hat build of Keycloak (supported, preview, experimental,…). See Enabling and disabling features for more information.
Conformity: Assurance of conformity of the implementation.
- Certified (version): The specification provides conformance tests that Red Hat build of Keycloak executes periodically and for each new version. The version in brackets is the last version of Red Hat build of Keycloak certified by the authority.
- Passed: There are conformance tests provided by the authority that Red Hat build of Keycloak passes, but no version is certified yet.
- Partial: There are conformance tests but Red Hat build of Keycloak is not yet fully passing them.
- If this column is empty means that Red Hat build of Keycloak does not pass any external conformance tests for the spec. Only common project integration tests are executed. Maybe the authority does not provide a conformance tests suite or Red Hat build of Keycloak is not interested in passing them.
- Comments: A generic column that can contain details of the implementation or the status. For example parts that are not covered yet or specific behaviors out of the spec.
13.1. OpenID Connect
| Specification | Status | Conformity | Comments |
|---|---|---|---|
| Supported | Certified (18.0.0) | ||
| Supported | Certified (18.0.0) | ||
| Supported | Certified (18.0.0) | ||
| Supported | Certified (18.0.0) | ||
| Supported | Certified (18.0.0) | ||
| Supported | Certified (18.0.0) | ||
| Supported | Certified (18.0.0) | ||
| OpenID Connect Client-Initiated Backchannel Authentication Flow | Supported | Certified (18.0.0) | |
| Supported | Certified (18.0.0) | ||
| Supported | Certified (18.0.0) | ||
| Supported | |||
| Experimental |
13.2. OAuth
13.3. Financial-grade API (FAPI)
| Specification | Status | Conformity | Comments |
|---|---|---|---|
| Supported | Certified (15.0.2) | ||
| Supported | Certified (15.0.2) | ||
| Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) | Supported | Certified (15.0.2) | |
| Financial-grade API: Client Initiated Backchannel Authentication Profile (Draft) | Supported | Certified (15.0.2) | |
| Supported | Passed | ||
| Supported | Passed |
13.4. Security Assertion Markup Language (SAML)
| Specification | Status | Conformity | Comments |
|---|---|---|---|
| Supported | This standard covers multiple bindings and contexts. Red Hat build of Keycloak implements a full range of them but there are missing parts for sure. |
13.5. User Managed Access (UMA)
| Specification | Status | Conformity | Comments |
|---|---|---|---|
| User-Managed Access (UMA) 2.0 Grant for OAuth 2.0 Authorization | Supported | ||
| Supported |
13.6. JSON Web
| Specification | Status | Conformity | Comments |
|---|---|---|---|
| Supported | |||
| Supported | |||
| Supported | |||
| Supported | |||
| Supported | |||
| Supported |
13.7. Misc
| Specification | Status | Conformity | Comments |
|---|---|---|---|
| Security Requirements for Cryptographic Modules (FIPS 140-2) | Supported | Certified | Red Hat build of Keycloak uses Bouncy Castle (BC) FIPS libraries to provide FIPS 140-2. BC is indeed a certified FIPS 140-3 implementation, but also needs a certified stack (Operative system and Java VM). See FIPS 140-2 support for more information. |
| Web Authentication: An API for accessing Public Key Credentials Level 2 | Supported | This specification has conformance tests but Red Hat build of Keycloak is not using them. Red Hat build of Keycloak acts as a WebAuthn’s Relying Party (RP) for this specification. |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}