Anonymous_User Absent Member.

Certification path could not be validated


We are currently working for a customer (ICAP / EBS) with Access Manager
version 3.1 sp5 (Latest patch)

NAM 3.1.5-42
Identity Server 3.1.5.42
Access Gateway 3.1.5-42-6C61D19AC0408ED9

We are encountering the following issue with the Password + certificate
users:

The user authenticates using Password first (works fine), the user is
prompted for a certificate (we pick the wrong one for testing purposes)
but still gets authenticated to the application, and the subject name of
the wrong certificate gets added to the sasAllowableSubjectNames attribute.

We then removed this option by unchecking Auto Provision X509, but
then as soon as we authenticate we get the following error: User
Certificate Authentication Failed Certification path could not be
validated. I am attaching the log file to this request so that you can
take a look at it; we have enabled the full log of the IDP server in
order to gather as much information as we can.


+----------------------------------------------------------------------+
|Filename: NIDP.2014-12-03.doc.zip |
|Download: https://forums.netiq.com/attachment.php?attachmentid=229 |
+----------------------------------------------------------------------+

--
bic9286
------------------------------------------------------------------------
bic9286's Profile: https://forums.netiq.com/member.php?userid=1334
View this thread: https://forums.netiq.com/showthread.php?t=52357

0 Likes
3 Replies
Anonymous_User Absent Member.

Re: Certification path could not be validated

bic9286,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your issue been resolved? If not, you might try one of the following options:

- Visit http://www.netiq.com/support and search the knowledgebase and/or check all
the other support options available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.netiq.com)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.netiq.com/faq.php

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your NetIQ Forums Team
http://forums.netiq.com


0 Likes
Anonymous_User Absent Member.

Re: Certification path could not be validated


bic9286;251768 Wrote:
> We are currently working for a customer (ICAP / EBS) with Access Manager
> version 3.1 sp5 (Latest patch)
>
> NAM 3.1.5-42
> Identity Server 3.1.5.42
> Access Gateway 3.1.5-42-6C61D19AC0408ED9
>
> We are encountering the following issue with the Password + certificate
> users:
>
> The user authenticates using Password first (works fine), the user is
> prompted for a certificate (we pick the wrong one for testing purposes)
> but still gets authenticated to the application, and the subject name of
> the wrong certificate gets added to the sasAllowableSubjectNames attribute.
>
> We then removed this option by unchecking Auto Provision X509, but
> then as soon as we authenticate we get the following error: User
> Certificate Authentication Failed Certification path could not be
> validated. I am attaching the log file to this request so that you can
> take a look at it; we have enabled the full log of the IDP server in
> order to gather as much information as we can.


I haven't looked at the log file, but I'm having trouble understanding
your setup.

It sounds like you're not using the default Secure Name/Password Form
contract and are maybe using .x509 Authentication Contract instead?

--Kevin


--
kjhurni
------------------------------------------------------------------------
kjhurni's Profile: https://forums.netiq.com/member.php?userid=322
View this thread: https://forums.netiq.com/showthread.php?t=52357

0 Likes
bic9286 Absent Member.

Re: Certification path could not be validated


Problem solved; it was related to the Extended Key Usage that was set to
Critical and didn't need to be.

All authentication is now working as expected.


--
bic9286
------------------------------------------------------------------------
bic9286's Profile: https://forums.netiq.com/member.php?userid=1334
View this thread: https://forums.netiq.com/showthread.php?t=52357

0 Likes
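
Added example, not part of the thread: the fix above came down to the critical flag on the Extended Key Usage extension, so this Python reads that flag for every extension directly from a DER-encoded certificate (convert a PEM file first with `openssl x509 -outform DER`). The function names and the sample bytes are constructed for illustration and are not taken from Access Manager or from the attached log.

```python
EKU_OID = "2.5.29.37"  # id-ce-extKeyUsage
# Constructed sample: Extensions with a critical EKU (clientAuth) and a keyUsage with no critical flag.
SAMPLE_EXTENSIONS = bytes.fromhex(
    "3025" "3016" "0603551d25" "0101ff" "040c300a06082b06010505070302"
    "300b" "0603551d0f" "0404" "03020780")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each element inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def decode_oid(val):
    """Decode the content bytes of a DER OBJECT IDENTIFIER to dotted form."""
    arcs, acc = [], 0
    for b in val:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def extension_criticality(extensions_der):
    """Map each extension OID to True if it is flagged critical."""
    _, seq, _ = read_tlv(extensions_der, 0)
    result = {}
    for _, ext in children(seq):
        fields = list(children(ext))
        # critical is an optional BOOLEAN (tag 0x01) after the OID; absent means FALSE
        result[decode_oid(fields[0][1])] = fields[1][0] == 0x01 and fields[1][1] != b"\x00"
    return result

def certificate_extensions(cert_der):
    """Return the Extensions SEQUENCE of a DER certificate, or None (no [3] field)."""
    _, cert_seq, _ = read_tlv(cert_der, 0)
    _, tbs, _ = read_tlv(cert_seq, 0)
    return next((val for tag, val in children(tbs) if tag == 0xA3), None)
```

For a real client certificate, pass the result of `certificate_extensions(der_bytes)` to `extension_criticality` and look up `EKU_OID`; RFC 5280 requires a validator to reject a certificate carrying a critical extension it cannot process.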