Clarification regarding FIPS Mode in ra.xml

Article ID: 36577

Updated On:

Products

CA Identity Manager
CA Identity Governance
CA Identity Portal
CA Risk Analytics
CA Secure Cloud SaaS - Arcot A-OK (WebFort)
CLOUDMINDER ADVANCED AUTHENTICATION
CA Secure Cloud SaaS - Advanced Authentication
CA Secure Cloud SaaS - Identity Management
CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

Background

ra.xml is the file that holds the connection parameters between Identity Manager and SiteMinder. One of these parameters is FIPS_Mode, whose value can be 'True' or 'False'.

Some customers seem to have thought this relates to the Policy Server's FIPS Mode, since this file mainly holds information about the Policy Server.

 

Environment

All

 

Instructions

However, this parameter in fact indicates whether Identity Manager itself is installed in FIPS Mode. The parameter is read by Identity Manager (IDM), which uses its value to decide how to decrypt the Password and Shared Secret in this file when connecting to SiteMinder. The connection can only be established if IDM applies the decryption that matches how these other parameters were encrypted.

 

If there is a mismatch between this value and the actual encryption of these other parameters in the file, you will see an Agent API -1 error (see below):

 

[org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (ServerService Thread Pool -- 69) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.spi.EISSystemException: Cannot connect to policy server: Failed to init Agent API: -1
at com.netegrity.ra.policyserver.impl.PSManagedConnectionFactory.createManagedConnection(PSManagedConnectionFactory.java:325) [ims.jar:]
at
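A triage check for the mismatch described above, as an added example that is not part of the original article or the product: it looks for the Agent API -1 signature in a server log and reports the FIPS_Mode value found in ra.xml. It assumes ra.xml uses the standard JCA config-property layout; the sample file and log are constructed, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Error signature taken from the log excerpt in this article.
AGENT_API_ERROR = "Failed to init Agent API: -1"

# Constructed sample; the JCA <config-property> layout is an assumption.
SAMPLE_RA_XML = """<connector>
  <config-property>
    <config-property-name>FIPS_Mode</config-property-name>
    <config-property-value>False</config-property-value>
  </config-property>
</connector>"""

# Constructed sample log, hard-wrapped the way console output often is.
SAMPLE_LOG = """(ServerService Thread Pool -- 69) IJ000604: Throwable while
attempting to get a new connection: null: Cannot connect to
policy server: Failed to init Agent
API: -1"""

def local(tag):
    """Drop any XML namespace prefix from an element tag."""
    return tag.rsplit("}", 1)[-1]

def read_fips_mode(ra_xml_text):
    """Return FIPS_Mode as a bool, or None if absent or not True/False."""
    root = ET.fromstring(ra_xml_text)
    for prop in root.iter():
        if local(prop.tag) != "config-property":
            continue
        fields = {local(c.tag): (c.text or "").strip() for c in prop}
        if fields.get("config-property-name") == "FIPS_Mode":
            value = fields.get("config-property-value", "").lower()
            return {"true": True, "false": False}.get(value)
    return None

def has_agent_api_error(log_text):
    """Match the signature even when a line wrap falls inside the message."""
    return AGENT_API_ERROR in re.sub(r"\s+", " ", log_text)

def triage(log_text, ra_xml_text):
    """Say what to verify when the Agent API -1 error is present."""
    if not has_agent_api_error(log_text):
        return "no Agent API -1 error in log"
    mode = read_fips_mode(ra_xml_text)
    if mode is None:
        return "Agent API -1 error; FIPS_Mode missing or not True/False in ra.xml"
    return (f"Agent API -1 error; ra.xml says FIPS_Mode={mode}: confirm Identity "
            "Manager's install mode and the Password/Shared Secret encryption match")
```

The check cannot tell which side is wrong; it only surfaces the value that has to agree with how Identity Manager was installed and how the two secrets were encrypted.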

 

 

Environment

Release: CAIDMB99000-12.6.7-Identity Manager-B to B
Component: