search cancel

Unable To Authenticate FIP USER

book

Article ID: 255828

calendar_today

Updated On:

Products

CA API Gateway CA API Gateway

Issue/Introduction

We have created a user within our FIP and the specified username matches the cn of the certificate being presented to the gateway in the request.  We receive a 401 Authentication Failed error though when executing the 'Authenticate Against Identity Provider' assertion.

Environment

CA API Gateway

Cause

Although we had imported the Root CA certificate which signed the certificate being presented into the gateway trust store it was not added directly into the FIP.

Resolution

Add the Root certificate directly into the FIP.

From policy manager->Right click the Identity Provider and choose 'properties'->Then at the 'Select Trusted Certificates' step be certain to add the Root certificate such that any certificate presented which was signed by the root will be trusted.

Once this was done we could authenticate the user successfully.