Gluu docker - FIPS-140-2 compliance

By: Pawel Walus named 06 Apr 2022 at 5:39 a.m. CDT

5 Responses
Pawel Walus gravatar
Hello, I'm working on ensuring FIPS compiiance for our service. As I have determined, library org.gluu:scim-client 4.3.0-FINAL has a direct dependency on org.bouncycastle:bcprov-jdk15on 1.6.9. As this version of bouncycastle is not FIPS compliant, it is blocking the related work on our side. Is there any plan for making that library FIPS compliant, or is there already some version (or a possibility of configuring this one) of it that I am missing? Thank you in advance for answering.
Gluu 4.3 Docker 20.1
closed

Answers

By Mohammad Abudayyeh staff 07 Apr 2022 at 5:25 a.m. CDT

Copy
Mohammad Abudayyeh gravatar
Hey Pawel, tagging our SCIM resource @Jose.Gonzalez Thanks Mohammad

By Jose Gonzalez staff 07 Apr 2022 at 7:08 a.m. CDT

Copy
Jose Gonzalez gravatar
Reassigning to FIPS dev @Yuriy.Movchan

By Yuriy Movchan staff 11 Apr 2022 at 8:56 a.m. CDT

Copy
Yuriy Movchan gravatar
We prepared [scim-server-fips.war](https://maven.gluu.org/maven/org/gluu/scim-server-fips/4.4.0-SNAPSHOT/scim-server-fips-4.4.0-SNAPSHOT.war) with BCFIPS libs. This war file we will include in next package rebuild.

By Pawel Walus named 21 Apr 2022 at 7:44 a.m. CDT

Copy
Pawel Walus gravatar
Hey, is it already released (as a maven package)?

By Michael Schwartz Account Admin 23 Apr 2022 at 3:35 p.m. CDT

Copy
Michael Schwartz gravatar
This is outside the scope of our support agreement with Idemia. You'll have to escalate this to the business owners.

Post an answer