I am running Keycloak 21.1.1 in a containerized environment. I have added the recommended Bouncy Castle jar files as providers and am also using a BCFKS keystore with the following env variables.
ENV KC_FEATURES=fips,token-exchange
ENV KC_FIPS_MODE=strict
ENV KC_HTTPS_KEY_STORE_TYPE=BCFKS
:
and so on
The server is starting fine, but there is no sign of BCFIPS running in "approved mode" in the logs. I am supposed to see the following line in the log as per this documentation.
KC(BCFIPS version 1.000203 Approved Mode, FIPS-JVM: enabled) version 1.0 - class org.keycloak.crypto.fips.KeycloakFipsSecurityProvider,
But the above line is not in my log. How will I know that it is truly running in strict FIPS approved mode?
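
A way to check a captured startup log for the provider line quoted in the question, as an added example that is not part of the original post or of Keycloak itself. The function name `kc_fips_status`, the `sample_log` input and the `<container>` placeholder are hypothetical. It assumes the provider list was logged at all, which the Keycloak FIPS guide's example start command gets with `--log-level=INFO,org.keycloak.common.crypto:TRACE,org.keycloak.crypto:TRACE`.

```shell
#!/bin/sh
# Classify Keycloak startup log text read from stdin.
# Prints "<mode> <bcfips-version> <fips-jvm>" or "absent", where <mode> is
# "approved" only if the KC provider line carries the words "Approved Mode".
kc_fips_status() {
    awk '
        # Remember the last line that names the Keycloak FIPS provider.
        /KC\(BCFIPS/ && /org\.keycloak\.crypto\.fips\.KeycloakFipsSecurityProvider/ { line = $0 }
        END {
            if (line == "") { print "absent"; exit }
            # Version is the token right after "BCFIPS version ".
            v = line
            sub(/.*BCFIPS version /, "", v)
            sub(/[ ,)].*/, "", v)
            # FIPS-JVM state is the word after "FIPS-JVM: " (10 characters).
            jvm = "unknown"
            if (match(line, /FIPS-JVM: [a-z]+/))
                jvm = substr(line, RSTART + 10, RLENGTH - 10)
            mode = (line ~ /Approved Mode/) ? "approved" : "not-approved"
            print mode, v, jvm
        }'
}

# Constructed sample log: the first line is invented, the provider line is
# the one quoted in the question.
sample_log() {
    cat <<'EOF'
2023-05-10 10:00:01,000 INFO  [org.keycloak] (main) constructed sample line
KC(BCFIPS version 1.000203 Approved Mode, FIPS-JVM: enabled) version 1.0 - class org.keycloak.crypto.fips.KeycloakFipsSecurityProvider,
EOF
}

# Against a running container (placeholder name):
#   docker logs <container> 2>&1 | kc_fips_status
sample_log | kc_fips_status
```

A result of `absent` means only that the provider line was not logged, for example because crypto logging is below TRACE; it says nothing about the mode the server is actually in.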