Introduction
Clarification regarding FIPS Mode in ra.xml
Background
ra.xml holds the connection parameters between Identity Manager and SiteMinder. One of these parameters is FIPS_Mode, whose value can be 'True' or 'False'.
Some customers seem to have assumed that this parameter refers to the Policy Server's FIPS mode, since the file mainly holds information about the Policy Server.
Environment
All
Instructions
However, this parameter in fact indicates whether Identity Manager (IDM) is installed in FIPS mode. IDM reads this value and, based on it, chooses how to decrypt the Password and Shared Secret stored in the same file when it establishes the connection to SiteMinder.
If this value does not match the way those other parameters are actually encrypted in the file, you will see an Agent API -1 error (see below):
[org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (ServerService Thread Pool -- 69) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.spi.EISSystemException: Cannot connect to policy server: Failed to init Agent API: -1
at com.netegrity.ra.policyserver.impl.PSManagedConnectionFactory.createManagedConnection(PSManagedConnectionFactory.java:325) [ims.jar:]
at