000021402 - Certificate authentication problem unknown user error in RSA ClearTrust 5.5.2

Document created by RSA Customer Support Employee on Jun 15, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000021402
Applies To: Sun Java System Web Server 6.1
RSA ClearTrust 5.5.2
Sun Solaris 2.8
Issue: Certificate authentication problem unknown user error in RSA ClearTrust 5.5.2
The aserver log shows the following:

11:29:47:236 [*] [MUXWORKER-17] -       user: {CLIENT_VERSION=5, SC_GET_TOKEN_CONTENTS=true, SC_USER_DN=/C=US/O=CAISO/OU=Test/CN=CTUser_Valid3, SC_CERT=true, AUTHENTICATION_TYPE=SC_USER_CHECK, SC_CLIENT_IP=xxx.xxx.xxx.xxx, SC_SECURID_STATUS=127, SC_END_USER_IP=xxx.xxx.xxx.xxx}
The Admin GUI shows the certificate DN as follows:

C=US, O=CAISO, OU=Test, CN=CTUser_Valid3
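Cause: The two certificate DNs differ only in their delimiter: the DN in the aserver log is delimited with "/", while the DN shown in the Admin GUI is delimited with ",".
Resolution: The webagent.conf file contains the following entry: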

# Sets the delimiter used to separate user certificate DN attributes.
# Attributes may be delimited with '/' instead of the usual comma ','. In order
# for certificate authentication to work properly in this case, the delimiter
# must be converted to ',' to match the certificate DN value configured in the
# RSA ClearTrust data store.
#
# Allowed Values:
#   True     Convert the DN delimiter from '/' to ','.
#   False    Leave the DN delimiter as is.
#
cleartrust.agent.convert_certificate_dn_delimiter=False

Set the parameter to True to convert the certificate DN delimiter from '/' to ','.
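
To confirm that a failed login really is this delimiter mismatch and not a different user DN, the log value and the data store value can be compared attribute by attribute. The following is an added example, not RSA code and not part of the original article; the function names are hypothetical, and the parsing is a diagnostic heuristic, since the page does not show how the agent itself performs the conversion.

```python
import re

# Constructed sample input: the aserver line above, abbreviated, plus the Admin GUI DN.
LOG_LINE = ("11:29:47:236 [*] [MUXWORKER-17] - user: {CLIENT_VERSION=5, "
            "SC_USER_DN=/C=US/O=CAISO/OU=Test/CN=CTUser_Valid3, SC_CERT=true, "
            "AUTHENTICATION_TYPE=SC_USER_CHECK}")
STORED_DN = "C=US, O=CAISO, OU=Test, CN=CTUser_Valid3"


def extract_user_dn(log_line):
    """Return the SC_USER_DN value from an aserver 'user: {...}' line, or None."""
    # Assumption: the next log key contains an underscore (as every key in the
    # sample does), which DN attribute types such as O, OU and CN never do.
    m = re.search(r"SC_USER_DN=(.*?)(?=, [A-Z]+_[A-Z_]*=|\}|$)", log_line)
    return m.group(1) if m else None


def dn_parts(dn):
    """Split a DN into (delimiter, [(TYPE, value), ...])."""
    dn = dn.strip()
    delim = "/" if dn.startswith("/") else ","
    body = dn[1:] if delim == "/" else dn
    # Heuristic: split only where the delimiter is followed by 'TYPE=', so a
    # bare '/' or ',' inside a value does not start a new attribute.
    pieces = re.split(r"\s*%s\s*(?=[A-Za-z][A-Za-z0-9.]*=)" % re.escape(delim), body)
    rdns = []
    for piece in pieces:
        attr_type, _, value = piece.partition("=")
        rdns.append((attr_type.strip().upper(), value.strip()))
    return delim, rdns


def diagnose(log_line, stored_dn):
    """Classify how the presented DN relates to the stored DN."""
    presented = extract_user_dn(log_line)
    if presented is None:
        return "no-dn-in-log"
    p_delim, p_rdns = dn_parts(presented)
    s_delim, s_rdns = dn_parts(stored_dn)
    if p_rdns != s_rdns:
        return "attributes-differ"      # a real identity mismatch, not a format issue
    if p_delim != s_delim:
        return "delimiter-only"         # the case this article describes
    return "match"


if __name__ == "__main__":
    print(diagnose(LOG_LINE, STORED_DN))
```

A result of "attributes-differ" means the unknown user error has another cause and changing the delimiter setting will not resolve it.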
Legacy Article ID: a22761
