Red Hat Single Sign-On (RH SSO) 7.6.2 deployed in OpenShift FIPS enabled environment fails the Liveness and Readiness Probes

Solution Verified - Updated -

Issue

  • After update to 7.6.2-opr-001 the keycloak's probes fails.

  • We have authentication setup using Redhat SSO and it is down. Trying to access cluster using kubeconfig but showing a message of obtaining API key.

  • In the latest version 7.6.2, after applying the FIPS env variable, the keycloak pod events show the following error and the container will not start:

      message: |
    Liveness probe failed: {
        "probe.eap.dmr.EapProbe": "Error sending probe request: [digital envelope routines: EVP_DigestInit_ex] disabled for FIPS",
        "probe.eap.dmr.HealthCheckProbe": "Error sending probe request: [digital envelope routines: EVP_DigestInit_ex] disabled for FIPS"
    }
    INFO Using the '<USER>' username to authenticate the probe request against the JBoss DMR API.
    INFO Using the '<USER>' username to authenticate the probe request against the JBoss DMR API.

Environment

  • Red Hat Single Sign-On (RH SSO)
    • 7.6.2
  • Red Hat OpenShift Container Platform (OCP)
    • 4.X

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content