Federation Manager Guide › Migrate Federation Manager to Use FIPS Encryption › FIPS Migration Issues to Consider

FIPS Migration Issues to Consider

Be aware of the following issues before you migrate to FIPS_Only mode:

• If you deploy Federation Manager in FIPS_ONLY mode with the SiteMinder Connector enabled, the back-end SiteMinder system must be version r12x and be operating in FIPS_ONLY mode.

  If the SiteMinder system is r6.0 SP5, this system does not support FIPS-compatible operations, so Federation Manager cannot operate in FIPS_ONLY mode.

• Federation Manager releases prior to r12.1 do not support FIPS-approved encryption algorithms for private key generation. These releases support only MD5 as the signature algorithm for private key generation, which is not an approved FIPS algorithm.

  If you have private keys that use only MD5 as the signature algorithm, take the following actions at both sites in a partnership:

  • Generate new private keys
  • Get new certificates
  • Update all required partnerships with the new public keys.