Federation is failing when IIS agent is in FIPS-Migrate mode and Access Gateway agent in FIPS-Compat mode
search cancel

Federation is failing when IIS agent is in FIPS-Migrate mode and Access Gateway agent in FIPS-Compat mode

book

Article ID: 372318

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder)

Issue/Introduction

In an environment that contains a Policy Server, an IIS Web Agent, and an Access Gateway server, the Access Gateway's Federated Web Services (FWS, or also affwebservices) is throwing a 500 error when the IIS Web Agent is running in FIPS-Migrate mode.  The Policy Server is in FIPS-Migrate mode, and the Access Gateway agents are in FIPS-Compat mode. 

Environment

All supported releases

Cause

This is a defect since agents running in FIPS-Compat mode should be able to decrypt values created by agents running in FIPS-Migrate or FIPS-Only mode.  In this case it is an encrypted agentname that FWS is unable to decrypt as part of an Authentication Hub integration use case.    

Resolution

This defect will be addressed in a future release.  If you're running into this problem, please open a support case and request the patch.

Additional Information

DE607130 is the defect reference number.

Powered by Wolken Software