January 06 2022 by Marek Posolda
We are glad to announce that Keycloak 15.0.2 was officially certified as FAPI OpenID Provider! FAPI is a shortcut
for Financial-grade API
and the FAPI compliance means that Keycloak is now officially able to be used in the highly confidential financial based deployments.
Firstly, Keycloak is now certified as FAPI 1 Advanced Final (Generic)
provider. For this generic profile, Keycloak is compliant with all the matrix combinations. This means that Keycloak clients
are allowed to use PAR, JARM, and
client authentication based on Mutual-TLS or JSON Web Token signed by Private Key.
Keycloak is also certified as Brazil Open Banking provider. For this profile, Keycloak is also compliant with all the matrix combinations. We just did not obtain certification for the DCR, which requires more complicated setup including registration with official Brazil institutions. However some Brazil banks, which are customers of Keycloak based product RH-SSO 7.5, were able to obtain DCR certification. So technically, the certification with DCR for any institution using Keycloak or RH-SSO is completely fine.
You can see the Official OpenID Page with the details about the certification. For more details about FAPI support, you can check the Keycloak documentation with the details to setup your own Keycloak deployment to be FAPI compliant.
Keycloak 15.0.2 is also compliant with FAPI CIBA and we are working to officially obtain the certification for this. Moreover, We plan to re-certify Keycloak 15.0.2 with OpenID Connect Core, which Keycloak certified back in 2016.
The FAPI certification was possible just due the awesome work of the FAPI Working Group. Members of this group contributed many features related to FAPI, like Client Policies, CIBA, PAR, JARM and others. I hope that year 2022 will be at least as successful as 2021 and there will be even more contributions related to the FAPI as there are more standards being made and more certifications to be obtained. If you are interested in contributing to the Keycloak FAPI support, you are welcome to join FAPI Working Group. It is community working group and it is opened for anyone to join.