Converting from FIPS-140 to normal mode
Converting BMC Atrium Single Sign-On to operate in normal mode, (for example, without FIPS-140 cryptography) is the same process as converting the server to FIPS-140 mode, except the Java Virtual Machine (JVM) does not need to modified prior to triggering the conversion.
To convert to normal mode
- Shut down all integrated products.
If possible, use a firewall to block external access to BMC Atrium Single Sign-On.
- Log on to the BMC Atrium Single Sign-On administrator console.
- On the BMC Atrium SSO Admin Console, click Edit Server Configuration.
- De-select FIPS Mode.
Once the configuration has been successfully saved, the conversion process is triggered in the background. This process cannot be interrupted. Do not stop BMC Atrium Single Sign-On, log on with another Administrator console, log off the current Administrator console, or initiate any other interactions with the server.
This process usually takes around 10 to 20 seconds, depending upon the computer hardware.
Ensure that a successful conversion message is posted.
Be sure that the background task validation process posts a successful conversion message before restoring the original encryption files and non-FIPS-140 library.
- Restore the original encryption files and non-FIPS140 library.
- Stop the BMC Atrium Single Sign-On server.
- Restore the strong encryption file.
- Restore the non-FIPS library.
- Restart BMC Atrium Single Sign-On.
- Verify that the server is properly operating in normal mode by viewing the BMC Atrium Single Sign-On log file (for example, atsso.0.log )
Reconfigure integrated products to operate in normal mode.
All integrated products must be reconfigured to operate in normal mode. These integrated products cannot use BMC Atrium Single Sign-On for authentication until they are synchronized with BMC Atrium Single Sign-On.