@Jordane said in ERROR: Could not get security token:
Indeed, in the local security strategy of our clients, the FIPS encryption is activated.
But also the option, Configure the types of encryption allowed for Kerberos “AES256 and future”.
These are the options that would block me?
Probably yes. And I really do understand your organization is forcing FIPS compliance.
AES is not compatible with FOG services?
Well, AES is actually a subset of the Rijndael implementation used in the fog-client. So it’s pretty close. I guess we can switch to using AES as I said before but not in a quick move! Needs code changes and testing.
I was going to open an issue report on github to keep track of this but turns out this has been around since a long time already as well as another forum topic (sounds like the fix isn’t that easy…)
Is it possible to disable encryption from fog and the TOKEN function?
No, not right now. One of my future plans was to remove the self made encryption from the fog-client/forproject code but switch to using HTTPS (enforced). This way we’d rely on state of the art crypto done by webservers and system crypto libraries. But that is even further away than switching to AES.
Ideally, it should communicate with clients without encryption.
I don’t get this. Why would you enforce FIPS compliance but then let the communication go unencrypted?!?!? Just doesn’t make sense to me.