certificate auth scheme failing


Article ID: 111953


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On


When configuring X509 certificate authentication, we see the authentication scheme load, but when an authentication attempt is made the following error is logged:

[08/22/2018][09:21:00][3907033968][][][][][][][][][][][][][][LogMessage:ERROR:[sm-LoginLogout-00870] Certificate Authentication Scheme initialization failed, please check your configuration and restart policy server to try again][][][09:21:00.241][2496][SmAuthCert.cpp:4978][][][]


12.52 SP1 CR5


The x509 auth scheme needs to make CRL requests, and it uses the "curl" library to issue these calls to the CRL service. One of curl's dependencies is the Internationalized Domain Name library, which it uses to handle the domain names in requests. This library is currently not bundled with the policy server. If it is missing from the Linux OS the policy server is running on, the x509 auth scheme fails with this type of error, even if CRL is not configured to be used.


Locate and install the proper "libidn" package for your Red Hat Linux system.
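
One way to confirm the missing dependency before and after installing the package, as an added example that is not part of the original article: the script filters `ldd` output for libraries the dynamic loader cannot resolve. The library path passed as the argument is whatever curl library your policy server installation loads (not given in this article), and the sample `ldd` output is constructed for illustration.

```shell
#!/bin/sh
# Added example: report shared libraries the dynamic loader cannot resolve.

# Read `ldd` output on stdin; print one unresolved library name per line.
missing_deps() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# Return 0 if a library whose name starts with "$1.so" (e.g. "libidn")
# is among the unresolved dependencies in the ldd output on stdin.
is_missing() {
    missing_deps | grep -q "^$1\.so"
}

# Constructed sample of ldd output for a curl library on a host that
# lacks the Internationalized Domain Name library.
SAMPLE_LDD='	linux-vdso.so.1 =>  (0x00007ffd0a5f2000)
	libidn.so.11 => not found
	libz.so.1 => /lib64/libz.so.1 (0x00007f3c1a200000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f3c19e00000)'

# Stand-alone use: pass the path of the curl library the policy server loads.
#   sh check_deps.sh /path/to/policy-server/lib/<curl library>
if [ "$#" -gt 0 ]; then
    if ldd "$1" | is_missing libidn; then
        echo "libidn is not resolvable for $1; install the libidn package"
    else
        echo "libidn resolves for $1"
    fi
fi
```

Because `ldd` resolves dependencies for the architecture of the file it is given, this check also shows whether the installed libidn package matches the library that actually loads it.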