
certificate auth scheme failing


Article ID: 111953


Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

When configuring X509 certificate authentication, we see the authentication scheme load, but when an authentication attempt is made the following error is logged:

[08/22/2018][09:21:00][3907033968][][][][][][][][][][][][][][LogMessage:ERROR:[sm-LoginLogout-00870] Certificate Authentication Scheme initialization failed, please check your configuration and restart policy server to try again][][][09:21:00.241][2496][SmAuthCert.cpp:4978][][][]

Cause

The x509 auth scheme needs to make CRL requests, and it uses the "curl" library to issue these calls to the CRL service. One of curl's dependencies is the Internationalized Domain Name library, which it uses to work with the domain names in requests. This library is currently not bundled with the policy server, and if it is missing from the Linux OS the policy server is running on, the policy server will log this type of error when it tries to use the x509 auth scheme, even if CRL is not configured to be used.

Environment

12.52 SP1 CR5
Linux

Resolution

Locate and install the proper "libidn" package for your Red Hat Linux system.
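
One way to confirm the missing dependency described under Cause, before and after installing the package, is to look for unresolved entries in `ldd` output for the curl library the policy server loads. The script below is an added example, not part of the original article or the product; the function names are hypothetical, the sample `ldd` output is constructed, and the library path must be supplied by the operator because the article does not give it.

```shell
#!/bin/sh
# Added example: find shared-library dependencies the dynamic loader cannot
# resolve, with a specific check for the IDN library named in this article.

# missing_libs: read `ldd` output on stdin, print each "not found" dependency.
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# idn_missing: exit 0 when the ldd output on stdin has an unresolved libidn.
idn_missing() {
    missing_libs | grep -q '^libidn\.so'
}

# Constructed sample of ldd output for a curl library on a host without
# libidn (sonames, paths and load addresses are illustrative only).
sample_ldd_output() {
    cat <<'EOF'
	linux-gate.so.1 =>  (0xf7f2e000)
	libidn.so.11 => not found
	libz.so.1 => /lib/libz.so.1 (0xf7e5b000)
	libc.so.6 => /lib/libc.so.6 (0xf7c8f000)
EOF
}

# check_lib FILE: run ldd against a real library chosen by the operator.
# Returns 0 if libidn resolves, 1 if it is missing, 2 if FILE is unreadable.
check_lib() {
    if [ ! -r "$1" ]; then
        echo "cannot read $1" >&2
        return 2
    fi
    if ldd "$1" 2>/dev/null | idn_missing; then
        echo "libidn is not installed for $1"
        return 1
    fi
    echo "no unresolved libidn dependency for $1"
}

# Demonstration on the constructed sample: lists the unresolved dependency.
sample_ldd_output | missing_libs
```

Call `check_lib` with the path to the policy server's curl library; a return code of 1 matches the condition in the Cause section, and 0 after installing the package indicates the dependency now resolves.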