FIPS Compliance
“An unexpected error has occurred”
SharePoint is not at all friendly with FIPS. Recently I faced this issue at my customer's place. I have tried all possible ways to get my site running and I ended up with the below issue.
“An exception occurred when trying to issue security token: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.”
Checked the current status of FIPS.
I have never faced this issue in my development environment so far. I had to dig in to find out what it really is.
FIPS standards are issued to establish requirements for various purposes such as ensuring computer security and interoperability, and are intended for cases in which suitable industry standards do not already exist.
Solution
SharePoint does not work with the FIPS policy enabled, so the policy should be disabled.
1. Start the Group Policy Object Editor tool (gpedit.msc).
2. In the console tree, expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then select Security Options.
3. In the right pane, double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.
4. In the dialog box that opens, select Disabled and click OK.
5. Restart the computer.
Cheers :)
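To see the policy state without opening gpedit.msc, and to see which .NET cryptography classes the policy rejects with the error quoted above, the following is an added example and not part of the original post. It assumes Windows PowerShell 5.1 on .NET Framework; the function names `Get-FipsPolicyState` and `Test-CryptoClass` are hypothetical.

```powershell
# Added example: report the FIPS policy state and probe which .NET crypto
# classes it blocks. Assumes Windows PowerShell 5.1 (.NET Framework).

# Registry value written by the "System cryptography: Use FIPS compliant
# algorithms for encryption, hashing, and signing" security option.
$fipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'

function Get-FipsPolicyState {
    $value = (Get-ItemProperty -Path $fipsKey -Name Enabled -ErrorAction SilentlyContinue).Enabled
    [pscustomobject]@{
        # Enabled = 1 means the policy is switched on for this machine.
        RegistryEnabled     = [bool]$value
        # What the .NET runtime in this process actually enforces.
        RuntimeEnforcesFips = [System.Security.Cryptography.CryptoConfig]::AllowOnlyFipsAlgorithms
    }
}

function Test-CryptoClass {
    param([Parameter(Mandatory)][string[]]$TypeName)
    foreach ($name in $TypeName) {
        $result = 'OK'
        try {
            $obj = New-Object -TypeName $name -ErrorAction Stop
            if ($obj -is [System.IDisposable]) { $obj.Dispose() }
        } catch {
            # With the policy on, non-validated implementations throw from
            # their constructor; keep the innermost message for the report.
            $result = $_.Exception.GetBaseException().Message
        }
        [pscustomobject]@{ Type = $name; Result = $result }
    }
}

Get-FipsPolicyState | Format-List

# Managed and MD5 implementations are expected to fail under the policy;
# the CNG/CAPI-backed SHA-256 and AES wrappers are expected to load.
Test-CryptoClass -TypeName @(
    'System.Security.Cryptography.MD5CryptoServiceProvider',
    'System.Security.Cryptography.SHA256Managed',
    'System.Security.Cryptography.RijndaelManaged',
    'System.Security.Cryptography.SHA256CryptoServiceProvider',
    'System.Security.Cryptography.AesCryptoServiceProvider'
) | Format-Table -AutoSize -Wrap
```

Running it before and after the policy change (and the restart in step 5) confirms that the setting actually took effect on the server.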
Hi Anoop,
A question for you. As per the ODAA guidelines 4.8, FIPS must be enabled on the Windows OS. Did your customer get an exemption? At some point there will be DSS security inspection on the IS. I am in exactly the same situation and I can't disable FIPS since it is a requirement.
Thanks
Dear Prab,
Thank you for pointing out the guidelines. I have discussed the issue with my client and requested approval for disabling FIPS. My client has a dedicated Microsoft team and, based on their policies, I got the approval. I am not sure about the internal security policies in this regard.
I would like to know more about this and will be happy if you could give me more insight on this. Please reach me at anoopvgnr@gmail.com.
Dear Team,
Has anyone worked on Reverse Proxy for SharePoint?