search cancel

WAMUI - FIPS mode enabled : false


Article ID: 112168


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


We completed the PS and WAMUI (and Agents) to FIPS-only mode.

* smps.log shows
"[CServer.cpp:4190][INFO][sm-Server-04450] Policy Server employing only FIPS-140 cryptographic algorithms."
* agent log shows
"FIPS 140 Cryptographic Mode is 'full-FIPS'."
* WAMUI server.log shows
WARN [ims.default] (MSC service thread 1-5) ** FIPS mode enabled : false" We also verified that we can login to WAMUI successfully and WA protects resources correctly.

Why does server.log show "** FIPS mode enabled : false" for AdminUI?

FIPS Modes - Policy Server:

  • COMPAT - Communications in Non-Fips Mode or FIPS Mode. New connections will be attempted in Non-FIPS Mode first. Encryption to Policy Store or User Store will be written with Non-FIPS Algorithms.
  • Migrate - Communications in Non-Fips mode or FIPS Mode. New connections will be attempted in FIPS Mode first. Encryption to Policy Store or User Store will be written with FIPS Algorithms.
  • FIPS Only - Communications will only be done with FIPS Algorithms. Encryption to Policy Store or User Store will be written with FIPS Algorithms.

FIPS Modes - Agent and AdminUI:

  • Non-FIPS - Communications in Non-Fips Mode. Connections/encryption will only be attempted in Non-FIPS Mode.
  • FIPS Only - Communications will only be done Fips Mode. Connections/encryption will only be attempted in FIPS Mode.


Component: SMPLC


WAMUI set MIGRATE mode to communicate with Policy Server on both FIPS& non-FIPS mode. By default, ra.xml shows FIPSMode as false unless Policy Server set FIPS Only mode and you want to set FIPS Only Mode.
You can check C:\Program Files\CA\siteminder\adminui\standalone\data\siteminder\*.conf file for detail. We found useful community article discussed about FIPS mode which might help you with more detail.

To enforce WAMUI from Migrate mode to FIPS-Only mode, set below property to true.

C:\Program Files\CA\siteminder\adminui\standalone\deployments\iam_siteminder.ear\policyserver.rar\META-INF\ra.xml


After restart service, the changed message can be found from server.log.

server.log will show FIPS mode enabled : true.