Administer > System security > FIPS mode > Configuring FIPS mode in Service Manager > Configure FIPS mode in the IdM Service

Configure FIPS mode in the IdM Service

Note This step is required only when you want to implement SAML Single Sign-On (SSO) for Service Manager. For more information about SAML SSO, see SAML Single Sign-On.

Prerequisites

Before you proceed, make sure of the following:

  1. You have already configured the IdM JRE for FIPS mode. For details, see the IdM service section in Configure Java for FIPS mode.

  2. You have already generated a CA certificates file and a client keystore for the IdM service host. For details, see Generate FIPS validated certificates for the SM Server and other components.

    • The CA certificates file: \certs\smcacerts.p12
    • The SM Server trusted clients keystore: \certs\trustedclients.p12
    • The IdM keystore file: \key\sun-sun-<IdM host FQDN>.p12 (for example, sun-sun-idmservicehost.mycompany.net.p12)

      Note This keystore will be used to encrypt IdM keys and passwords, and is therefore referred to as the "encryption keystore".

  3. You have enabled FIPS mode on the SM Server side. For details, see Configure FIPS mode in the Server.
  4. You have installed the identity provider (ADFS) and exported the public key of the ADFS certificate to a .cer file (for example, Per_ADFS.cer). For information about how to export the ADFS certificate, see Install and configure the HPE Identity Manager service.

Steps to enable FIPS mode in the IdM service

To enable FIPS mode in the IdM service, perform the following tasks.