Cybersecurity
DevOps Cloud (ADM)
IT Operations Cloud
Summary
After replacing the eSP proxy certificate, users began having issues authenticating and were receiving a "100101043" error indicating that the IDP (Identity Provider) could not load the eSP metadata. The error "Unsupported or unrecognized SSL message" appeared in the catalina log.
Products
Access Manager (NAM)
Environment
Access Manager 5.0.2
Situation
The eSP (Embedded Service Provider) proxy certificate was replaced and users began complaining of authentication issues.
The user would receive a "100101043" error indicating that the IDP (Identity Provider) could not load the eSP metadata.
Cause
This metadata was being requested from the wrong URL.
Unable to load metadata for Embedded Service Provider: https://apps.example.com.au:80/nesp/idff/metadata
The request should be http or the port should be 443
e.g
http://apps.example.com.au:80/nesp/idff/metadata
or
https://apps.example.com.au:443/nesp/idff/metadata
This was not a configuration issue, this was caused by some underlying linking issue with the eSP and new certificate and was corrected by reassigning the proxy to the eSP and updating all Access Gateways.
Read Full Knowledge Base Article for Resolution
URL Name
KM000016311