Unable to enable FIPS mode on latest Node 18 LTS

  • Package Name: @azure/identity
  • Package Version: 3.0.0
  • Operating system: Windows 11 22H2
  • nodejs
    • version: 18.12.0
  • browser
    • name/version: N/A
  • typescript
    • version: 4.8.4
  • Is the bug related to documentation in

Describe the bug: After FIPS mode is enabled with crypto.setFips(true), the module is now unable to authenticate to Azure AD.

To Reproduce: Steps to reproduce the behavior:

  1. Add crypto.setFips(true) to the top of your app and ensure the latest LTS release of Node.js is installed (18.12.0 at the time of this writing)

Expected behavior: Successful authentication should happen, regardless of whether FIPS mode is enabled or not.

Screenshots: Screenshot of error in terminal

Additional context: Here is the error that happens after FIPS is enabled:

ChainedTokenCredential authentication failed.
CredentialUnavailableError: endpoints_resolution_error: Error: could not resolve endpoints. Please check network and try again. Detail: ClientConfigurationError: untrusted_authority: The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter.
node:internal/process/promises:288
            triggerUncaughtException(err, true /* fromPromise */);
            ^

AggregateAuthenticationError: ChainedTokenCredential authentication failed.
CredentialUnavailableError: endpoints_resolution_error: Error: could not resolve endpoints. Please check network and try again. Detail: ClientConfigurationError: untrusted_authority: The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter.
    at C:\GitHub\**Redacted**\Server\node_modules\@azure\identity\dist\index.js:2657:29
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async Object.withSpan (C:\GitHub\**Redacted**\Server\node_modules\@azure\identity\node_modules\@azure\core-tracing\dist\index.js:140:28)

Node.js v18.12.0

Issue Analytics

  • State: closed
  • Created a year ago
  • Comments: 6 (3 by maintainers)

Top GitHub Comments

1 reaction
elliot-huffman commented, Nov 7, 2022

I’ll build a once off test project and get the results back here.

0 reactions
elliot-huffman commented, Nov 27, 2022

Just ran a test and I was able to retrieve an access token while in FIPS mode. This is most likely an issue with the Microsoft Graph client. I will open a ticket with them. Here is the code I ran to get the access token (using VS Code’s auth session):

import { DefaultAzureCredential } from "@azure/identity";
import * as crypto from "crypto";

// Enable FIPS mode before any credential is created.
// @ts-ignore
crypto.setFips(true);

const credential = new DefaultAzureCredential();

// Request a token for Microsoft Graph, then print it together with the FIPS state.
credential.getToken("https://graph.microsoft.com").then(
    (results) => {
        console.log(results);
        console.log(crypto.getFips());
    }
);