keycloak 25.0.2 --features=fips hangs on kubernetes

John Yost

Aug 25, 2025, 6:40:04 AM
to Keycloak User
Hi Everyone,

I have a docker image built off of quay.io/keycloak/keycloak 25.0.2 and it's working fine w/ --features=fips in docker compose. When I attempt to deploy on kubernetes, it hangs on startup:

keycloak-fips-hanging.png
Anyone else resolve this? I've been working on this for a day or so and tried a bunch of diff things w/ no progress thus far, so any insights would definitely be appreciated.

Thanks

--John

Alexander Schwartz

Aug 25, 2025, 6:55:57 AM
to John Yost, Keycloak User
Hi John,

the version you're trying to use is no longer supported by the community. I suggest you upgrade to the latest version. 

If the issue persists, try to get a Java stack trace to see where it blocks. Maybe it is trying to gather some entropy. The usual Keycloak startup scripts set "-Djava.security.egd=file:/dev/urandom" which tries to avoid this, but maybe your setup is overriding those environment variables.

Best,
Alexander

--

Alexander Schwartz, RHCE

He/Him

Principal Software Engineer, Keycloak Maintainer

alexander...@ibm.com
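
The check suggested in the reply above (whether the deployment still passes `-Djava.security.egd` to the JVM), as an added shell example that is not part of the original thread or of Keycloak's own scripts. The function names and sample command lines are constructed for illustration, and the commented `kubectl` usage assumes the JVM runs as PID 1 in a pod whose image provides `cat` and `tr`.

```shell
#!/bin/sh
# Added example: read the java.security.egd setting from a JVM command line.

# Print the value of the last -Djava.security.egd=... argument.
# When a -D property is repeated, the later occurrence takes effect.
egd_value() {
    value=""
    for arg in $1; do
        case "$arg" in
            -Djava.security.egd=*) value="${arg#-Djava.security.egd=}" ;;
        esac
    done
    printf '%s\n' "$value"
}

# Classify the setting:
#   unset   - flag absent (e.g. the default options were replaced)
#   urandom - flag points at /dev/urandom, as the reply describes
#   random  - flag points at /dev/random
#   other   - any other value
egd_status() {
    case "$(egd_value "$1")" in
        "") echo "unset" ;;
        file:/dev/urandom|file:/dev/./urandom) echo "urandom" ;;
        file:/dev/random) echo "random" ;;
        *) echo "other" ;;
    esac
}

# Constructed sample command lines (not taken from the thread).
SAMPLE_DEFAULT="java -Dfile.encoding=UTF-8 -Djava.security.egd=file:/dev/urandom -cp app.jar Main start"
SAMPLE_OVERRIDDEN="java -Xmx512m -cp app.jar Main start"
SAMPLE_LAST_WINS="java -Djava.security.egd=file:/dev/urandom -Djava.security.egd=file:/dev/random -cp app.jar Main"

# Against a running pod (<pod> is a placeholder):
#   egd_status "$(kubectl exec <pod> -- cat /proc/1/cmdline | tr '\0' ' ')"
```

A result of `unset` on the Kubernetes pod but `urandom` under docker compose would point at the pod's environment replacing the default JVM options.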



John Yost

Sep 1, 2025, 2:46:33 AM
to Keycloak User
Hi Alexander,

First and foremost, thanks for the quick follow-up, much appreciated! Good suggestion to try "-Djava.security.egd=file:/dev/urandom", but that did not prevent it from hanging.

I cannot upgrade to 26.x quite yet, so I gotta make this work w/ 25.x. 

Important note, I am using the keycloak/keycloak 25.0.2 as a base image that I add in my own user storage provider jars in the /opt/keycloak/providers directory. All of those load w/o error.

I tried running w/o "--features=fips", but then I get this error:

keycloak-25-no-fips.png

I figured out that I was getting that error due to the fips variant of bouncycastle jars in my deployment. I removed the bouncycastle fips jars from my /opt/keycloak/providers directory, ran w/o "--features=fips", and then got this error:

keycloak-25-no-bc-jars-non-flips.png

So perhaps the next step is to add the non-fips bouncy castle jars to my /opt/keycloak/providers/ dir and run in non-fips mode should work, correct?

--John