I guess Keycloak has predefined algorithms/Active Keys such as RSA256, AES and HS256?
Is it possible to use RSA512 instead of RSA256?
Thank you for your kind help.
You're right. It has some predefined algorithms and keys. But you can change their settings and force Keycloak to use RSA512. In order to do so, in your realm settings, go to the "Keys" tab and select the "Providers" sub-tab. There you can click on the "Edit" button of the rsa-generated provider (that exists by default) and change its algorithm or key size to another value. In short:
Realm Settings > Keys > Providers > Edit (of rsa-generated row)
In the providers list, you also have the option to upload your own keystore with a proper private key that uses the algorithm you prefer.
In addition to the rsa-generated provider settings, you may need to go to "Client details" -> "Advanced" -> "Fine grain OpenID Connect configuration" and specify RS512 in "Access token signature algorithm" and "ID token signature algorithm". Otherwise, Keycloak creates a fallback-RS256 provider and keeps using the RS256 protocol.
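To confirm the change took effect, read the `alg` field in the header of a freshly issued token and compare it with the key the realm publishes in its JWKS. The following is an added example, not part of the answers above or of Keycloak's own code; the function names, the sample tokens and the sample JWKS are constructed for illustration, and the check reads the header only without verifying the signature.

```python
import base64
import json


def b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (JWTs strip the '=' padding)."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def check_token_alg(token: str, jwks: dict, expected: str = "RS512") -> list:
    """Return a list of problems; an empty list means the header is as expected.

    Header inspection only: this does NOT verify the signature.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWS (expected 3 dot-separated segments)"]
    try:
        header = b64url_json(parts[0])
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        return [f"unreadable header: {exc}"]

    problems = []
    alg, kid = header.get("alg"), header.get("kid")
    if alg != expected:
        problems.append(f"token signed with {alg}, expected {expected}")
    # The published key for this kid should advertise the same algorithm.
    key = next((k for k in jwks.get("keys", []) if k.get("kid") == kid), None)
    if key is None:
        problems.append(f"kid {kid!r} not in JWKS")
    elif key.get("alg") != alg:
        problems.append(f"JWKS key alg {key.get('alg')} differs from header alg {alg}")
    return problems


def make_token(header: dict) -> str:
    """Build a constructed token with a dummy signature, for the demo only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc({'sub': 'demo'})}.c2ln"


# Constructed sample data, not real Keycloak output.
SAMPLE_JWKS = {"keys": [{"kid": "k-512", "alg": "RS512", "kty": "RSA", "use": "sig"},
                        {"kid": "k-256", "alg": "RS256", "kty": "RSA", "use": "sig"}]}
TOKEN_RS512 = make_token({"alg": "RS512", "typ": "JWT", "kid": "k-512"})
TOKEN_FALLBACK = make_token({"alg": "RS256", "typ": "JWT", "kid": "k-256"})

if __name__ == "__main__":
    print(check_token_alg(TOKEN_RS512, SAMPLE_JWKS))
    print(check_token_alg(TOKEN_FALLBACK, SAMPLE_JWKS))
```

A token that still reports RS256 after the provider was edited points to the client-level setting described in the last answer.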