libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Update 4_5_0_final.adoc

Browse source
This commit is contained in:
Stian Thorgersen 2018-09-24 21:52:06 +02:00
parent 9437226341
commit 42a6a3789f
1 changed files with 3 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
release_notes/topics/4_5_0_final.adoc
View file

@ -1,8 +1,6 @@
= Signature SPI
The Signature SPI makes it possible to plug-in additional signature algorithms. Not only does it enable
additional signatures, but it also enables changing how signatures are generated. For example this would allow
using an HSM device to sign tokens.
The Signature SPI makes it possible to plug-in additional signature algorithms. This enables additional signatures and also enables changing how signatures are generated. For example, using this allows using an HSM device to sign tokens.
Thanks to https://github.com/tnorimat[tnorimat] for contributing a signficant part of this work.
@ -13,7 +11,7 @@ Alongside the Signature SPI there is now also support for additional signature a
Keycloak now has support for RS256, RS384, RS512, ES256, ES384, ES512, HS256, HS384 and HS512.
Elliptic Curve Digital Signature Algorithm (ES256/384/512) are very interesting as they provide similar
security properties as RSA signatures, but uses significantly less CPU.
security properties as RSA signatures, but use significantly less CPU.
HMAC (HS256/384/512) are also very useful when you do not want your application to verify the signature itself.
Since these are symmetric signatures only Keycloak is able to verify the signature, which requires the