cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

App Portal / FIPS

We're having an issue with an AppPortal implementation. After installing AppPortal, we cannot get it to run while FIPS is enabled. I've found this article and have interpreted it as FIPS and App Portal do not function together. Is this correct? Is there not a way to get the two working together?

(1) Solution
Alpesh
By
Flexera Alumni

Yes, that is correct. For AppPortal (AP) to work successfully, the FIPS policy needs to be disabled. There is an open enhancement with our engineering team to make AP work with FIPS enabled in the future.

Hope this helps.

Thanks!

View solution in original post

(7) Replies
Alpesh
By
Flexera Alumni

Yes, that is correct. For AppPortal (AP) to work successfully, the FIPS policy needs to be disabled. There is an open enhancement with our engineering team to make AP work with FIPS enabled in the future.

Hope this helps.

Thanks!

Can we be put on a list to update when this is working? Most of customers are in the federal sphere and there is a good chance we'll encounter this again.

We do have an open enhancement for this, but this has not been implemented yet.. As such, I decided to do a bit of research on the issue.. After doing so, I did find a work around to the issue, which you are welcome to try out... It works in my environment, but I've only done limited testing..

In web.config, you will see a line similar to the following (which I've commented out):

<!--machineKey validationKey="C3E5524DBC4B972C5F4FA16FB69D234542B188AC5143ED1E3BE8A8FF90586FDB0257D59E954BF0450F944DFA50ABC2B889F7A8FBA94EB127ADA9C303A0612DA4" decryptionKey="5A5D488AE12CF73A74852E6C865B2E4093A2E401C69EE27C" validation="SHA1" /-->

After commenting out the above line, try adding the following:

<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="HMACSHA256" decryption="AES"/>

Once you have done this, perform an iisreset. Once you have made this change, turning on FIPS will not result in an exception. I'll continue to keep this in place in my environment.. If any issues crop up, I'll let you know..

Thanks
Charles
Scratch that .. I started seeing the issue again.. I'll look into this a bit further.

Out of curiosity, is this fix on any roadmap? Customer is trying to get a realisit idea of how long they'll have to keep FIPS diabled.

Hello @dcopher ,

 

Currently we do not have this on the roadmap in the near term due to very few customers needing it. However the priority can change if more customers need this capability. Can you provide the customer name so I can log it to increase the occurrence use cases?

Thank you,
Pratul.

This is critical for all Federal AppPortal accounts.