Active Directory integration fails with error "No subject alternative names matching"


Article ID: 267642


Products

Clarity PPM On Premise

Issue/Introduction

Hi,

We are trying to integrate Clarity with MS Active Directory for authentication purposes, and we have correctly configured the AD, but it fails with the error below.

Caused by: javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address xx.yy.zz.** found

Environment

Release: 16.1.1

Component: Clarity Security Integration

Cause

The error occurs because the IP address used to reach the AD/LDAP server does not match any of the Subject Alternative Names in that server's certificate, so certificate validation fails during the SSL handshake. Use a name that is actually configured as a Subject Alternative Name in the certificate for the integration.

Resolution

In the Clarity configuration in NSA, do not use the IP address (xx.yy.zz.**:689) in the LDAP URL. Replace it with the FQDN/hostname that is listed under Subject Alternative Name (SAN) in the LDAP/AD certificate.

For example: if the SAN in the AD/LDAP certificate is host123, the LDAP URL in NSA should be host123:689.
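To confirm which value will pass validation before editing the LDAP URL, the SAN comparison can be reproduced offline. The Python sketch below is an added example, not part of the original article or of Clarity; it assumes the SAN line has the format printed by `openssl x509 -noout -ext subjectAltName`, uses constructed names and a constructed address (192.0.2.10), and applies simplified wildcard matching.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample of `openssl x509 -noout -ext subjectAltName` output
# for a hypothetical AD certificate (no IP Address entry, as in the article).
SAMPLE_SAN = "DNS:host123, DNS:host123.corp.example, DNS:*.dc.corp.example"

def parse_san(text):
    """Split an OpenSSL SAN line into (dns_names, ip_addresses)."""
    dns, ips = [], []
    for item in text.split(","):
        kind, _, value = item.strip().partition(":")
        if kind == "DNS":
            dns.append(value.lower())
        elif kind == "IP Address":
            ips.append(ipaddress.ip_address(value))
    return dns, ips

def dns_matches(pattern, host):
    """Simplified match: '*' may stand only for the whole left-most label."""
    p, h = pattern.split("."), host.split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and p[0] in ("*", h[0])

def check_ldap_host(url, san_text):
    """Return (ok, reason) for the host part of an LDAP URL such as host:port."""
    if "://" not in url:
        url = "ldaps://" + url          # NSA-style 'host:port' has no scheme
    host = urlsplit(url).hostname       # lower-cased, port stripped
    dns, ips = parse_san(san_text)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # A name is compared with dNSName entries only.
        ok = any(dns_matches(p, host) for p in dns)
        return ok, "ok" if ok else f"no DNS SAN entry matches {host}"
    # An IP literal is compared with iPAddress entries only, never with DNS names.
    ok = addr in ips
    return ok, "ok" if ok else f"No subject alternative names matching IP address {host} found"

if __name__ == "__main__":
    for candidate in ("192.0.2.10:689", "host123:689"):
        print(candidate, check_ldap_host(candidate, SAMPLE_SAN))
```

An IP-based URL passes only if the certificate carries a matching IP Address SAN entry; switching to a listed DNS name, as the resolution describes, keeps hostname verification enabled.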