CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On
Issue/Introduction
When configuring X509 certificate authentication, we see the authentication scheme load, but when an authentication attempt is made the following error is logged:
[08/22/2018][09:21:00][3907033968][][][][][][][][][][][][][][LogMessage:ERROR:[sm-LoginLogout-00870] Certificate Authentication Scheme initialization failed, please check your configuration and restart policy server to try again][][][09:21:00.241][2496][SmAuthCert.cpp:4978][][][]
Environment
12.52 SP1 CR5 Linux
Cause
The x509 auth scheme needs to make CRL requests, and it uses the "curl" library to issue these calls to the CRL service. One of curl's dependencies is the Internationalized Domain Name library (libidn), which it uses to work with the domain names in requests. This library is currently not bundled with the policy server, and if it is also missing from the Linux OS the policy server is running on, the policy server logs this type of error when trying to use the x509 auth scheme, even if CRL is not configured to be used.
Resolution
Locate and install the proper "libidn" package for your Red Hat Linux system.
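
To confirm the cause before and after installing the package, the unresolved-dependency check can be scripted. This is an added example, not CA's code: the library path passed to the script is a placeholder for the curl library your policy server loads, and the sample `ldd` output is constructed.

```shell
#!/bin/sh
# Added example: report shared-library dependencies that the dynamic
# loader cannot resolve, as in the missing libidn case described above.

# Read `ldd` output on stdin and print the name of each unresolved library.
missing_deps() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# Run ldd on a library file and list its unresolved dependencies.
# Returns 0 when everything resolves, 1 when something is missing,
# 2 when the file cannot be read.
check_lib() {
    lib=$1
    [ -r "$lib" ] || { echo "cannot read: $lib" >&2; return 2; }
    missing=$(ldd "$lib" 2>/dev/null | missing_deps)
    [ -z "$missing" ] && return 0
    echo "$lib has unresolved dependencies:" >&2
    echo "$missing"
    return 1
}

# Constructed sample of ldd output (not captured from a real policy server).
sample_ldd_output() {
    cat <<'EOF'
    linux-gate.so.1 =>  (0xf77a1000)
    libidn.so.11 => not found
    libz.so.1 => /lib/libz.so.1 (0xf7550000)
    libc.so.6 => /lib/libc.so.6 (0xf7390000)
    /lib/ld-linux.so.2 (0xf77a2000)
EOF
}

# Usage: sh check_deps.sh /path/to/libcurl.so   (placeholder path)
if [ $# -gt 0 ]; then
    check_lib "$1"
fi
```

Run it as the account the policy server runs under, so the loader search path matches what the policy server sees.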