CA Single Sign-On Agent for SAP WebAS logs "The Shared Secret has not been encrypted with FIPS Compliant AES Algorithm" and will not connect to the policy server.
Applies to all supported platforms for the 12.0 Agent for SAP WebAS. Supported platforms and versions are listed in the SAP WebAS ERP agent platform support matrix located at:
In the 12.0 version of this agent, the agent code no longer supports the 4x agent shared secret value as plain text or as a non-FIPS-compliant encrypted string.
For the 12.0 SAP WebAS ERP Agent to connect successfully to the policy server, the 4x agent shared secret string must be encrypted using NPSEncrypt with the -fips switch. An example of how to encrypt a shared secret value of “passphrase” correctly is as follows:
NPSEncrypt -fips passphrase
The resulting encrypted value will begin with [NDSEnc-AES], indicating that it is a FIPS-compliant shared secret.