Reset Search
 

 

Article

KB14970 - Why does smart card authentication fail when FIPS mode is enabled?

« Go Back

Information

 
Last Modified Date8/1/2015 4:37 AM
Synopsis
What does the Odyssey Access Client (OAC) log message “Cryptographic Provider was not specified as FIPS compliant” mean?
Problem or Goal
When FIPS Mode is enabled OAC ensures that all certificate based authentications are handled with the use of a FIPS compliant Cryptographic Service Provider (CSP). OAC does this by checking the CSP being used against a list of FIPS compliant providers.  If the CSP in use is not in OAC's list of compliant providers, OAC will fail the authentication and insert an error similar to the one below into the debug log.

Example from a level 5 OAC debug log:
Cryptographic Provider "accsp.dll" version "v3, 0, 0, 0" was not specified as FIPS compliant.


Note: Log level 5 is required to see the error message.

 
Cause
Solution
To resolve the issue, choose one of the following two solutions:

Solution 1 (more secure):
The list of compliant Cryptographic Service Providers is located in:
HKEY_LOCAL_MACHINE\SOFTWARE\Funk Software,Inc.\Odyssey\client\configuration\fipsCompliance\providers

To add a new CSP to the list:
  1. First create a new key with the CSP as the name. Using the CSP from our log example the new key would be "accsp.dll".
  2. Under the new key create a string value. The name of the string value would be the version of the CSP noted in the log message. Continuing with our example the name of the string value would be "v3, 0, 0, 0". Note that no data value is required.

Solution 2 (less secure)

In the HKEY_LOCAL_MACHINE\SOFTWARE\Funk Software, Inc.\Odyssey\client\configuration\fipsCompliance set the allProviders registry value to 1.  Setting “allProviders” to 1 forces OAC to assume that all CSPs are FIPS compliant.


Note: Both solutions involve making changes to “HKLM\Software\Funk Software”. These keys are included when an OAC Custom MSI or Settings Update file is created allowing an administrator to apply these changes during install.
Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255