Hi Martin,
Nice to see your response.
Server version: Apache/2.2.24 (Unix)
Architecture: 64-bit
OS: Linux OEL version 2.6.18-308.el5
Our requirement is to create Strong Authentication (X509 cert and Form Authentication).
We are using selectlogin.fcc as the credential collector. Our user certificate, which is on a SmartCard, is issued by our internal Certificate Authority (CA).
Our Apache web server is installed with the certificate issued by Verisign.
Here is our SSL config in the web server:
# Server Certificate: // Certificate received from Verisign
SSLCertificateFile "/opt/software/test-emp-red-side-login/auth-service/certs/server.crt"
# Server Private Key:
SSLCertificateKeyFile "/opt/software/test-emp-red-side-login/auth-service/certs/server.key"
# Server Certificate Chain:
SSLCertificateChainFile "/opt/software/test-emp-red-side-login/auth-service/certs/server-chain.crt"
# Certificate Authority (CA): // Root certificate from Verisign and our internal CA cert have been added to the bundle cert
#SSLCACertificatePath "/opt/software/test-emp-red-side-login/auth-service/certs/ssl.crt"
SSLCACertificateFile "/opt/software/test-emp-red-side-login/auth-service/certs/ca-bundle.crt"
For certificate mapping, we have added the IssuerDn of the SmartCard; also the mapping has been created as SamAccountName=%CN%. Also, for Form Authentication we have SamAccountName bound.
Errors noticed in the SmAccess logs:
AuthReject cns006a010 [05/Nov/2013:12:19:44 0000] "10.111.48.218 CN=XXXXXXX,OU=employee,OU=btplc,DC=iuser,DC=iroot,DC=XXXX,DC=com" "wa_dyl00658web01_test-emp-red-side-login GET /auth/redirect.html?authtype=certform&target=https://XXXXXXXXXXXXXXXXX:8443/portalhome/home.html" [] [0] [] [
Lines noticed in the Policy Trace logs:
9922][146][11/05/2013][13:07:29][13:07:29.800][Authenticating user.][Sm_Auth_Message.cpp:403][CSm_Auth_Message::AuthenticateUser][wa_dyl00658web01_test-emp-red-side-login][/auth/redirect.html?authtype=certform&target=https://XXXXXXXXXXXxxx:8443/portalhome/home.html][BackendRealm_CertForm][as_playpen_8400_certandform][][][][][
[9922][146][11/05/2013][13:07:29][13:07:29.805][Auth Scheme used: Cert+Forms][SmAuthCert.cpp:3851][getSpecificScheme][][][][Cert+Forms][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
][Start of call Search.][SmDsDir.cpp:338][CSmDsDir::Search][][][][][][][][][][][][Advanced search, Root='DC=iuser,DC=iroot,DC=adidom,DC=com',Filter='(samAccountName=XXXX)'][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
][Ldap Search callout succeeds.][SmDsLdapProvider.cpp:2125][CSmDsLdapProvider::Search][][][][][][][][][][][][(Search) Base: 'DC=iuser,DC=iroot,DC=XXXXXXX,DC=com', Filter: '(samAccountName=*********)'. Status: 1 entries][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[Start of call InitUser.][SmDsUser.cpp:95][CSmDsUser::CSmDsUser][][][][][][][][][][][][About to initialize User 'CN=*********,OU=employee,OU=btplc,DC=iuser,DC=iroot,DC=XXXXXXXXXDC=com' in dir 'iuserCAD'][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
][Leave function CSmPasswordCheck::FindApplicablePasswordPolicies][SmPasswordCheck.cpp:566][CSmPasswordCheck::FindApplicablePasswordPolicies][][][][][][][][][][][][][][][true][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
][Authenticating user by the auth scheme][SmAuthUser.cpp:4375][CSmAuthUser::Authenticate][][][][as_playpen_8400_certandform][][][][iuserCAD][XXXXXXX][][][][][][][][][][][][][][][][][][][][][][][rZHR2UPHOkYz8VzR13D28m44Do8=][][CN=*********,OU=employee,OU=XXXXDC=iuser,DC=iroot,DC=XXXX,DC=com][][][][][][][][][][][][][][LDAP://147
][bad input parameters][SmAuthCert.cpp:4066][parseCert][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[9922][146][11/05/2013][13:07:29][13:07:29.827][Print currentCert.certBinLen: 0][SmAuthCert.cpp:5776][SmAuthenticate][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
][Leave function SmAuthenticate][SmAuthCert.cpp:6173][SmAuthenticate][][][][][][][][][][][][][][][Sm_AuthApi_Reject][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
][Evaluating OnAuthReject policy][Sm_Auth_Message.cpp:800][CSm_Auth_Message::AuthenticateUser][wa_dyl00658web01_test-emp-red-side-login][/auth/redirect.html?authtype=certform&target=https://XXXXXXXXXXXXXXxx:8443/portalhome/home.html][BackendRealm_CertForm][as_playpen_8400_certandform][][][][iuserCAD][605520187][][][][][][][][0000000000000000000000004d4c230a-38a3-5278ed91-
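As an added triage helper (not part of the post above, and not CA SiteMinder code), the script below splits policy-trace lines of the shape shown in the post into their bracketed fields and pulls out the facts that matter for a Cert+Forms rejection: the scheme selected, the message logged by parseCert, the currentCert.certBinLen value and the Sm_AuthApi_* status returned by SmAuthenticate. The field layout it assumes (pid, thread, date, time, timestamp, message, file:line, function, then data fields) is inferred from the lines in the post; the sample trace lines embedded in it are constructed with placeholder values. A certBinLen of 0 alongside Sm_AuthApi_Reject means the policy server received an empty certificate blob, so the check to make first is on the web server side (whether it requests the client certificate and forwards it), not on the directory mapping.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Policy trace lines are a run of bracketed fields (layout assumed from the post):
# [pid][tid][date][time][timestamp][message][file:line][function][...data fields...]
FIELD_RE = re.compile(r"\[([^\]]*)\]")


@dataclass
class TraceEvent:
    message: str
    location: str
    function: str
    data: List[str]  # the non-empty fields that follow the function name


def parse_trace_line(line: str) -> Optional[TraceEvent]:
    """Split one trace line into its fields; return None for a truncated line."""
    fields = FIELD_RE.findall(line)
    if len(fields) < 8:
        return None
    return TraceEvent(
        message=fields[5],
        location=fields[6],
        function=fields[7],
        data=[f for f in fields[8:] if f],
    )


def triage_cert_auth(lines: List[str]) -> dict:
    """Collect the certificate-handling facts from the trace of one request."""
    findings = {
        "scheme": None,            # from "Auth Scheme used: ..."
        "cert_bin_len": None,      # from "Print currentCert.certBinLen: N"
        "parse_cert_error": None,  # message logged by parseCert, if any
        "result": None,            # Sm_AuthApi_* status when SmAuthenticate returns
        "diagnosis": None,
    }
    for line in lines:
        ev = parse_trace_line(line)
        if ev is None:
            continue  # truncated line, nothing reliable to read from it
        if ev.message.startswith("Auth Scheme used:"):
            findings["scheme"] = ev.message.split(":", 1)[1].strip()
        m = re.search(r"certBinLen:\s*(\d+)", ev.message)
        if m:
            findings["cert_bin_len"] = int(m.group(1))
        if ev.function == "parseCert":
            findings["parse_cert_error"] = ev.message
        if ev.function == "SmAuthenticate" and ev.message.startswith("Leave function"):
            status = [d for d in ev.data if d.startswith("Sm_AuthApi_")]
            findings["result"] = status[0] if status else None

    if findings["result"] == "Sm_AuthApi_Reject":
        if findings["cert_bin_len"] == 0:
            findings["diagnosis"] = (
                "empty certificate blob reached the policy server; check that the "
                "web server requests the client certificate and forwards it"
            )
        elif findings["parse_cert_error"]:
            findings["diagnosis"] = "a certificate arrived but could not be parsed"
        else:
            findings["diagnosis"] = "rejected for a reason other than certificate transport"
    return findings


# Constructed sample trace (placeholder pid/thread/time values, shape copied from the post).
SAMPLE_TRACE = [
    "[9922][146][11/05/2013][13:07:29][13:07:29.805][Auth Scheme used: Cert+Forms]"
    "[SmAuthCert.cpp:3851][getSpecificScheme][][][][Cert+Forms][][]",
    "[9922][146][11/05/2013][13:07:29][13:07:29.820][bad input parameters]"
    "[SmAuthCert.cpp:4066][parseCert][][][][][]",
    "[9922][146][11/05/2013][13:07:29][13:07:29.827][Print currentCert.certBinLen: 0]"
    "[SmAuthCert.cpp:5776][SmAuthenticate][][][]",
    "[9922][146][11/05/2013][13:07:29][13:07:29.830][Leave function SmAuthenticate]"
    "[SmAuthCert.cpp:6173][SmAuthenticate][][][][][][Sm_AuthApi_Reject][]",
    "][truncated line with too few fields][][",
]

if __name__ == "__main__":
    for key, value in triage_cert_auth(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```

Feed it the trace lines for a single request (filter on the thread id field first if the file interleaves requests); the diagnosis string is deliberately coarse and only distinguishes "no certificate arrived" from "a certificate arrived and was rejected", which is the first fork in troubleshooting this scheme.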