GUACAMOLE-2004: Fix KSM integration for RHEL systems with FIPS mode e…
…nabled
eugen-keeper committed Dec 13, 2024
1 parent 607e611 commit a9ec8d4
Showing 1 changed file with 12 additions and 1 deletion.
Expand Up @@ -19,6 +19,8 @@

package org.apache.guacamole.vault.ksm;

import java.security.Security;

import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.vault.VaultAuthenticationProviderModule;
import org.apache.guacamole.vault.ksm.conf.KsmAttributeService;
Expand All @@ -36,6 +38,8 @@
import org.apache.guacamole.vault.secret.VaultSecretService;
import org.apache.guacamole.vault.user.VaultDirectoryService;

import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;

import com.google.inject.assistedinject.FactoryModuleBuilder;

/**
Expand All @@ -53,7 +57,14 @@ public class KsmAuthenticationProviderModule
* @throws GuacamoleException
* If configuration details in guacamole.properties cannot be parsed.
*/
public KsmAuthenticationProviderModule() throws GuacamoleException {}
public KsmAuthenticationProviderModule() throws GuacamoleException {
// KSM recommends using BouncyCastleFipsProvider to avoid potential
// issues (for example with FIPS enabled RHEL).
// https://docs.keeper.io/en/secrets-manager/secrets-manager/developer-sdk-library/java-sdk
// The addProvider method checks for duplications internally,
// so it is safe to add the same provider multiple times.
Security.addProvider(new BouncyCastleFipsProvider());
}

@Override
protected void configureVault() {
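Review bot: `Security.addProvider(new BouncyCastleFipsProvider())` in the constructor registers the provider JVM-wide and at the lowest priority, so it affects every extension in the same web application but is only selected when a caller asks for it by name or no earlier provider offers the algorithm. The comment should state which of those the KSM SDK relies on, and that the registration is deliberately global. A new provider instance is also built on every instantiation of the module even when one is already installed, which a guard avoids: `if (Security.getProvider(BouncyCastleFipsProvider.PROVIDER_NAME) == null) Security.addProvider(new BouncyCastleFipsProvider());`. The return value of `addProvider` (-1 when a provider of that name is already present) is dropped; logging it at debug level would make it visible on a FIPS host whether this module or something else installed BCFIPS.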