When using the “Cookie Digest” authentication scheme in a station’s WebService, the required client-side cryptography is supplied by Javascript libraries, rather than the JCA security providers—whether the station is running in FIPS mode or not. These Javascript libraries are not FIPS compliant.

Therefore, if FIPS compliance is strictly required, you must change the “Authentication Scheme” property of the station’s WebService to “Cookie”, which does not use any cryptography (and therefore cannot use any non-FIPS compliant cryptographic algorithms). However, because the “Cookie” authentication scheme sends a user’s credentials to the station in clear text, you should not use this method without also configuring the station’s WebService for HTTPS (TLSv1).