Setting Up pgAdmin4 on Red Hat Enterprise Linux 7 with FIPS Mode Enabled

From: "Deaderick, David" <David(dot)Deaderick(at)va(dot)gov>
To: "pgsql-admin(at)lists(dot)postgresql(dot)org" <pgsql-admin(at)lists(dot)postgresql(dot)org>
Subject: Setting Up pgAdmin4 on Red Hat Enterprise Linux 7 with FIPS Mode Enabled
Date: 2020-02-14 19:31:43
Message-ID: MN2PR09MB4828BDD9ABAB69BADFA9F5CA9F150@MN2PR09MB4828.namprd09.prod.outlook.com
Lists: pgsql-admin

Configuration:
Red Hat Enterprise Linux 7.7 system with FIPS mode enabled
# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017

# cat /proc/sys/crypto/fips_enabled
1

PostgreSQL and pgAdmin4 installed from the latest yum repositories
rpm --import https://download.postgresql.org/pub/repos/yum/RPM-GPG-KEY-PGDG-12
yum install https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
yum install postgresql12-server postgresql12-docs postgresql12-contrib pgadmin4 mod_ssl

Issue:
When I run the setup command:
# /usr/pgadmin4/bin/pgadmin4-web-setup.sh

I receive the following output:
NOTE: Configuring authentication for SERVER mode.

Enter the email address and password to use for the initial pgAdmin user account:

Email address: Xxxxx(dot)Xxxxxxxx(at)xxxx(dot)gov
Password:
Retype password:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/setup.py", line 413, in <module>
    setup_db()
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/setup.py", line 347, in setup_db
    app = create_app()
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/pgadmin/__init__.py", line 330, in create_app
    db_upgrade(app)
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/pgadmin/setup/db_upgrade.py", line 25, in db_upgrade
    flask_migrate.upgrade(migration_folder)
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/flask_migrate/__init__.py", line 95, in wrapped
    f(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/flask_migrate/__init__.py", line 280, in upgrade
    command.upgrade(config, revision, sql=sql, tag=tag)
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/alembic/command.py", line 254, in upgrade
    script.run_env()
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/alembic/script/base.py", line 425, in run_env
    util.load_python_file(self.dir, 'env.py')
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/alembic/util/pyfiles.py", line 81, in load_python_file
    module = load_module_py(module_id, path)
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/alembic/util/compat.py", line 141, in load_module_py
    mod = imp.load_source(module_id, path, fp)
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/pgadmin/setup/../../migrations/env.py", line 94, in <module>
    run_migrations_online()
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/pgadmin/setup/../../migrations/env.py", line 87, in run_migrations_online
    context.run_migrations()
  File "<string>", line 8, in run_migrations
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/alembic/runtime/environment.py", line 836, in run_migrations
    self.get_context().run_migrations(**kw)
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/alembic/runtime/migration.py", line 330, in run_migrations
    step.migration_fn(**kw)
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/migrations/versions/fdc58d9bd449_.py", line 122, in upgrade
    Security(current_app, user_datastore, register_blueprint=False)
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/flask_security/core.py", line 469, in __init__
    self._state = self.init_app(app, datastore, **kwargs)
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/flask_security/core.py", line 504, in init_app
    anonymous_user=anonymous_user)
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/flask_security/core.py", line 332, in _get_state
    hashing_context=_get_hashing_context(app),
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/flask_security/core.py", line 313, in _get_hashing_context
    deprecated=deprecated)
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/passlib/context.py", line 1401, in __init__
    self.load(kwds)
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/passlib/context.py", line 1592, in load
    config = _CryptConfig(source)
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/passlib/context.py", line 634, in __init__
    self._init_scheme_list(source.get((None,None,"schemes")))
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/passlib/context.py", line 652, in _init_scheme_list
    handler = get_crypt_handler(elem)
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/passlib/registry.py", line 350, in get_crypt_handler
    mod = __import__(modname, fromlist=[modattr], level=0)
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/passlib/handlers/digests.py", line 72, in <module>
    hex_md5 = create_hex_hash("md5")
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/passlib/handlers/digests.py", line 55, in create_hex_hash
    info = lookup_hash(digest)
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/passlib/crypto/digest.py", line 298, in lookup_hash
    info = HashInfo(const, name_list)
  File "/usr/lib/python2.7/site-packages/pgadmin4-web/passlib/crypto/digest.py", line 403, in __init__
    hash = const()
ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips
Error setting up server mode. Please examine the output above.

Investigation:
Issue appears to be related to a default of the prohibited hash algorithm md5.
I have searched the web, read the FAQs and documentation without finding any definitive answers.
After stepping through the python code with pdb, it appears something is trying to create an md5 hash for the default password.

Questions:

1. Is it possible to set up pgAdmin4 (4.18) on a RHEL7 system with FIPS mode enabled?
2. Where can I find guidance on setting up pgAdmin4 on a FIPS-enabled system?

Thank you,
David A. Deaderick III
Infrastructure Engineering IT Specialist
Capacity and Performance Engineering (005OP2D)
VA OI&T Enterprise Program Management Office
Office: (727) 502-1313 (Tue Wed Thu)
Office: (941) 359-2010 (Mon Fri)
Mobile: (727) 417-7593
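
Added example, not part of the original message and not pgAdmin or passlib code: the traceback ends where a digest constructor is simply called (hash = const()) while passlib/handlers/digests.py is being imported, so the same refusal can be reproduced outside pgAdmin by constructing each digest and recording the error. The function names and the fake_fips_factory stand-in are hypothetical; the stand-in reuses the error string from the traceback so the probe can be exercised on a host without FIPS mode.

```python
import hashlib

# Digest names to probe; md5 is the one the traceback fails on.
CANDIDATES = ("md5", "sha1", "sha256", "sha512")


def fips_enabled(path="/proc/sys/crypto/fips_enabled"):
    """Return True if the kernel flag file reads 1, False if 0 or absent."""
    try:
        with open(path) as fh:
            return fh.read().strip() == "1"
    except (IOError, OSError):
        return False


def probe_digests(names=CANDIDATES, factory=hashlib.new):
    """Construct each digest by calling its constructor, as the failing
    frame in the traceback does, and record the error instead of crashing."""
    results = {}
    for name in names:
        try:
            factory(name).update(b"probe")
            results[name] = None          # constructor succeeded
        except ValueError as exc:         # OpenSSL refusal surfaces as ValueError
            results[name] = str(exc)
    return results


def blocked(results):
    """Names whose constructor raised, sorted for stable output."""
    return sorted(n for n, err in results.items() if err is not None)


def fake_fips_factory(name):
    """Constructed stand-in for a FIPS-mode OpenSSL: refuses md5 with the
    error string from the traceback, defers to hashlib otherwise."""
    if name == "md5":
        raise ValueError("error:060800A3:digital envelope routines:"
                         "EVP_DigestInit_ex:disabled for fips")
    return hashlib.new(name)


if __name__ == "__main__":
    print("kernel FIPS flag: {0}".format(fips_enabled()))
    for name, err in sorted(probe_digests().items()):
        print("{0:8s} {1}".format(name, "ok" if err is None else "BLOCKED: " + err))
```

Run with the same interpreter that pgAdmin4 uses, so the probe goes through the same OpenSSL build; a BLOCKED line for md5 confirms the failure is at digest construction rather than in the setup script itself.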
