Certificate Authentication Scheme Failing on RedHat Linux

book

Article ID: 20040

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

 

When configuring X509 CLient certificate authentication scheme on
RedHat Linux, we're getting a failure when we try to authenticate.  In
the smps.log "Failed to initialize authentication scheme 'xxxx' " is
reported.  Where xxxx is the actual name of the Authentication
Scheme. 

How can we trouble shoot this ?

 

Environment

 

Policy Server 12.8 on RedHat 6;

 

Resolution

 

In order to find out the root cause, enable Policy Server tracing.

When Policy Server tracing is enabled we see the following error
message:

  Configuration file not found: '/apps/siteminder/config/SMocsp.conf'
  and also "Error loading libcurl.dll"

Run the command 

  # ldd libcurl.so 

Note: On Solaris / Linux, the file extension is not dll, it's
.so.

Please check that the OS dependent library libidn.so.11 is not missing
in the system. It is loaded by ./lib/libcurl.so.

  ldd ./lib/libcurl.so
  linux-gate.so.1 => (0x006ed000)
  libidn.so.11 => not found
  librt.so.1 => /lib/librt.so.1 (0x001c5000)
  libdl.so.2 => /lib/libdl.so.2 (0x004f1000)
  libz.so.1 => /apps/siteminder/lib/libz.so.1 (0x00406000)
  libc.so.6 => /lib/libc.so.6 (0x001ce000)
  libpthread.so.0 => /lib/libpthread.so.0 (0x0093b000)
  /lib/ld-linux.so.2 (0x00b3c000)

Note: libcurl.so is under <siteminder_home>/lib directory.

As from the ldd output it's clear that libidn.so.11 file is
missing. Install this library (it's an OS library) and stop/start
Policy Server and do the test to insure the issue is solved.