MFA (Certificate) Authentication Failing from Extranet

Hi, we have set up ADFS3 and WAP. ADFS3 configured to require MFA (Certificate) from both Intranet and Extranet. We are using our own CA and the root CA is installed on the WAP in Trusted Root CA store. The certificate port of 49443 is open from the Internet
and also inward from the WAP to the ADFS3 server, as is 443.
When we test we can use MFA from the Intranet, but when we try the same from the Internet (Extranet) we get the Forms Logon page okay, enter our user details, select our user cert, and then we get a 403 error - The Website declined to show the web page.
The CRL is resolvable from the Internet, and can be reached okay...
Is there something we have missed please?
Thank you for any help.
Phil

Hi Steve,
Yes, I have restarted both ADFS and WAP Servers.
As a further update, I have even purchased an SSL cert from Comodo to check it this is a Public\Private CA issue, and I still get the same 403 error... I have even tried configuring the backend Web Site (SharePoint in this case) to allow Anonymous authentication,
just to see if I could get to the site via the WAP, but I still get the same 403 error... Its strange because the URL is still pointing to the Web Address of the ADFS server when I get the 403... Its difficult to see as there arent any IIS logs either now...
Thanks 
Phil

Similar Messages

  • Installation error: Certificate authentication failed

    Hard drive crashed. Restoring files on new drive, Keep getting "Certificate authentication failed" when trying to install Adobe Reader. How do I fix that?

    Use the offline installer from http://get.adobe.com/reader/enterprise/

  • Reader download error "certificate authentication failed"

    I'm trying to download the latest version of Reader but keep coming up with the error message "certificate authentication failed".
    Any help?

    Try downloading the offline installer from http://get.adobe.com/reader/enterprise/

  • Get message, "certificate authentication failed" when downloading

    Get message "certificate authentication failed" when downloading Adobe flash

    Download and run the offline installers
    Flash Player: http://helpx.adobe.com/content/help/en/flash-player/kb/installation-problems-flash-player- windows.html#main-pars_header
    Adobe Reader: http://get.adobe.com/reader/enterprise/

  • SSLVPN with iPhone Anyconnect and Cisco IOS Router, Certificate Authentication failed

    Hello,
    i have a problem regarding the authentication with a certificate from the iPhone Anyconnect 2.5 Client to a 1802 Cisco Router.
    Cisco 1802 Router:
    Cisco IOS Software, C180X Software (C180X-ADVENTERPRISEK9-M), Version 15.1(1)T, RELEASE SOFTWARE (fc1)
    First i configured SSLVPN with username and password, in this configuration the Anyconnect Client of my iPhone works.
    then i enrolled a certificate from my Windows 2008 R2 CA to the Router with the Attributes: Server Authentication and IPSEC
    and i enrolled a certificate for my iPhone with Client Authentication and IPSEC
    after a bunch of time ( i realy could not find a really good documentation on how to do this) i got it done, in the webvpn context configuration i made this changes here:
    no aaa authentication list default
    authentication certificate
    ca trustpoint CA
    as the "SSL VPN Configuration Guide, Cisco IOS Release 15.1M&T" says: if i want only certificate authentication i had to user the "authentication certificate" command and thats it.
    as i look into the debugs it seems to me that the Router accepts the certificate of the iPhone, but then i receive a window on the iphone that wants an additional username and password authentication, and no matter what i enter there's always the same dialog coming back..
    any ideas what the problem could be???
    here is the configuration:
    webvpn gateway WEBVPN_GW_OFFICE2
    ip interface Dialer0 port 1444
    ssl trustpoint CA
    inservice
    webvpn install svc flash:/webvpn/sslclient-win-1.1.4.179.pkg sequence 1
    webvpn install svc flash:/webvpn/anyconnect-win-3.0.4235-k9.pkg sequence 2
    webvpn install svc flash:/webvpn/anyconnect-dart-win-2.5.3055-k9.pkg sequence 3
    webvpn context WEBVPN_CONTEXT2
    secondary-color white
    title-color #669999
    text-color black
    ssl authenticate verify all
    policy group WEBVPN_POLICY2
       functions svc-enabled
       mask-urls
       svc address-pool "SSLVPN_OFFICE1"
       svc default-domain "domain.internal"
       svc keep-client-installed
       svc split include 192.168.0.0 255.255.0.0
       svc dns-server primary 192.168.53.33
       svc dns-server secondary 192.168.53.35
    virtual-template 3
    default-group-policy WEBVPN_POLICY2
    gateway WEBVPN_GW_OFFICE2
    authentication certificate
    ca trustpoint CA
    inservice
    here is the debug:
    OfficeRouter1# PASSING appctx is [0x89FAFFCC]
    Nov 19 22:39:53.507: WV: sslvpn process rcvd context queue event
    Nov 19 22:39:53.507: WV: sslvpn process rcvd context queue event
    Nov 19 22:39:53.607: WV: sslvpn process rcvd context queue event
    Nov 19 22:39:53.607: WV: Entering APPL with Context: 0x86529380,
          Data buffer(buffer: 0x86543A40, data: 0x15A07AB8, len: 469,
          offset: 0, domain: 0)
    Nov 19 22:39:53.607: WV: http request: / with no cookie
    Nov 19 22:39:53.607: WV: validated_tp : CA cert_username :  matched_ctx :
    Nov 19 22:39:53.607: WV: Received appinfo
    validated_tp : CA, matched_ctx : ,cert_username :
    Nov 19 22:39:53.607: WV: Trustpoint match successful
    Nov 19 22:39:53.607: WV: Extracted username:  pass: ?
    Nov 19 22:39:53.607: WV: Client side Chunk data written..
    buffer=0x86543640 total_len=661 bytes=661 tcb=0x8811FE60
    Nov 19 22:39:53.607: WV: Appl. processing Failed : 2
    Nov 19 22:39:53.607: WV: sslvpn process rcvd context queue event
    BueroRouter1# PASSING appctx is [0x89FAEEC4]
    Nov 19 22:40:24.028: WV: sslvpn process rcvd context queue event
    Nov 19 22:40:24.032: WV: sslvpn process rcvd context queue event
    Nov 19 22:40:24.132: WV: sslvpn process rcvd context queue event
    Nov 19 22:40:24.132: WV: Entering APPL with Context: 0x86529380,
          Data buffer(buffer: 0x86543A40, data: 0x160C4038, len: 469,
          offset: 0, domain: 0)
    Nov 19 22:40:24.132: WV: http request: / with no cookie
    Nov 19 22:40:24.132: WV: validated_tp : CA cert_username :  matched_ctx :
    Nov 19 22:40:24.132: WV: Received appinfo
    validated_tp : CA, matched_ctx : ,cert_username :
    Nov 19 22:40:24.132: WV: Trustpoint match successful
    Nov 19 22:40:24.132: WV: Extracted username:  pass: ?
    Nov 19 22:40:24.132: WV: Client side Chunk data written..
    buffer=0x86543640 total_len=661 bytes=661 tcb=0x88D11EEC
    Nov 19 22:40:24.136: WV: Appl. processing Failed : 2
    Nov 19 22:40:24.136: WV: sslvpn process rcvd context queue event
    Nov 19 22:40:39.764: WV: sslvpn process rcvd context queue event
    Nov 19 22:40:39.880: WV: sslvpn process rcvd context queue event
    Nov 19 22:40:39.892: WV: sslvpn process rcvd context queue event
    Nov 19 22:40:39.892: WV: Entering APPL with Context: 0x86529380,
          Data buffer(buffer: 0x86543A40, data: 0x1616FD38, len: 610,
          offset: 0, domain: 0)
    Nov 19 22:40:39.892: WV: http request: /webvpn.html with domain cookie
    Nov 19 22:40:39.892: WV: validated_tp :  cert_username :  matched_ctx :
    Nov 19 22:40:39.892: WV: Received appinfo
    validated_tp : CA, matched_ctx : ,cert_username :
    Nov 19 22:40:39.892: WV: Trustpoint match successful
    Nov 19 22:40:39.892: WV: Client side Chunk data written..
    buffer=0x86543640 total_len=607 bytes=607 tcb=0x88D11EEC
    Nov 19 22:40:39.892: WV: Appl. processing Failed : 2
    Nov 19 22:40:39.892: WV: sslvpn process rcvd context queue event

    http://www.cisco.com/en/US/products/ps8411/products_qanda_item09186a00809aec31.shtml
    HI,
    Refer to
    AnyConnect VPN Client FAQ
    Q. Is it possible to connect the iPad, iPod, or iPhone AnyConnect VPN Client to a Cisco IOS router?
    A. No. It is not possible to connect  the iPad, iPod, or iPhone AnyConnect VPN Client to a Cisco IOS router.  AnyConnect on iPad/iPhone can connect only to an ASA that runs version  8.0(3).1 or later. Cisco IOS is not supported by the AnyConnect VPN  Client for Apple iOS. For more information, refer to the Security Appliances and Software Supported section of the Release Notes for Cisco AnyConnect Secure Mobility Client 2.4, Apple iOS 4.2 and 4.3.

  • Client certificate authentication fails when the CA list sent by server is big and the list goes in 2 encrypted messages.

    I checked with IE browser(on windows and MAC) and MAC safari packet capture. The CA certificate list is sent by server in 2 messages as the list is too big. I compared packet by packet exchanges in both the browsers. It is same till TLSv1 handshake is done for the ldap certificate authentication. It works fine in IE without any issues though the certificate list is divided into 2 messages.
    In case of safari, after the TLSv1 handshake is done successfully, it again sends a SSLv3 'Client Hello' message and initiates the whole handshake process again and the server responds to it too till the handshake is complete. But it brakes after that with the server showing 'Cant establish secure connection' at the browser.
    The issue occurs only in case of MAC safari for big list of CA certs >150(where it crosses the max limit) from server. It is not clear why safari alone is switching from TLSv1 to SSLv3 in this scenario.
    NOTE: With shorter list of CA certs at server when it goes in one message, safari works fine and all messages are only TLSv1 and does not repeat the handshake process.
    I have checked on safari version 5 and 6.0.3 on OS X mountain lion.
    Is there any specific reason why MAC safari behaves like this or somethings needs to be done at server?
    Any help would be appreciated.

    I checked with IE browser(on windows and MAC) and MAC safari packet capture. The CA certificate list is sent by server in 2 messages as the list is too big. I compared packet by packet exchanges in both the browsers. It is same till TLSv1 handshake is done for the ldap certificate authentication. It works fine in IE without any issues though the certificate list is divided into 2 messages.
    In case of safari, after the TLSv1 handshake is done successfully, it again sends a SSLv3 'Client Hello' message and initiates the whole handshake process again and the server responds to it too till the handshake is complete. But it brakes after that with the server showing 'Cant establish secure connection' at the browser.
    The issue occurs only in case of MAC safari for big list of CA certs >150(where it crosses the max limit) from server. It is not clear why safari alone is switching from TLSv1 to SSLv3 in this scenario.
    NOTE: With shorter list of CA certs at server when it goes in one message, safari works fine and all messages are only TLSv1 and does not repeat the handshake process.
    I have checked on safari version 5 and 6.0.3 on OS X mountain lion.
    Is there any specific reason why MAC safari behaves like this or somethings needs to be done at server?
    Any help would be appreciated.

  • 6.1 SP 2 certificate authenticator fails with Apache plugin and SSL

    Hi,
    Does anybody have a certificate authenticator working in WebLogic 6.1
    SP 2, in combination with the Apache HTTP Server plugin and SSL?
    We implemented a certificate authenticator that works correctly in
    WebLogic 6.1 SP 2 when we configure SSL with "Client Certificate
    Required", and access it directly from a browser (the browser hits the
    SSL port of the WebLogic server, like 7002).
    This certificate authenticator also works correctly with a proxy web
    server. We set up a Stronghold server (web server based on Apache) on
    Linux with the Apache HTTP Server plugin from BEA, configured the
    plugin to use SSL, and configured our WebLogic 6.1 SP 1 server without
    "Client Certificate Required". The certificate authenticator gets the
    end user's certificate correctly.
    This same architecture with the proxy web server does not work when we
    upgrade the WebLogic Server to SP 2. WebLogic Server logs the
    "incorrect or missing client cert" error, our certificate
    authenticator is never called, and the browser gets a 401 Unauthorized
    error.
    We looked all over the WebLogic 6.1 SP 2 installation for a newer
    version of the plugin (mod_wl_ssl.so) and found the same version as SP
    1. We double-checked that it was the Linux-specific installer
    (because we'd found that some Linux libraries are missing from the
    generic installer). So it appears to us that the plugin encodes the
    certificate in the request header in such a way that a SP 1 server can
    extract it, but an SP 2 server cannot. We were wondering whether
    there might be changes to the plugin to stay in step with the SP 2
    server that never got ported to Linux, or whether an updated Linux
    plugin never got included in the installer packages.
    So: has anybody gotten a system like
    Apache/Stronghold + WebLogic Plugin <-- SSL --> WebLogic 6.1 SP 2 +
    Cert Auth
    to work?
    Thanks in advance for any help,
    Jim Doyle
    [email protected]

    A correction, I think:
    Now that I rolled back a system to 6.1 SP 1, it looks like 6.1 SP 1
    does include a different mod_wl_ssl.so from that in SP 2. I believe I
    was comparing the wrong file. In fact, trying to compare versions of
    the mod_wl_ssl.so makes things rather confusing:
    A mod_wl_ssl.so from a straight weblogic610sp2_generic.zip install has
    a cksum of "1853014778 1132467".
    A mod_wl_ssl.so from a weblogic610sp1_generic.zip install with a
    subsequent SP 2 upgrade install has a cksum of "1350917183 1147927".
    A mod_wl_ssl.so from a plain 6.1 install with subsequent SP 1 and SP 2
    upgrade installs, followed by an SP 2 uninstall and another SP 1
    upgrade install, has a cksum of "1471948065 1136501".
    I think I may be looking at three different plugin versions here: 6.1,
    6.1 SP 1, and 6.1 SP 2, assuming the upgrade installs don't actually
    change mod_wl_ssl.so. I'm not sure whether there's an easier way to
    verify what version of the plugin you have.
    In any case, we did try each plugin version, and none of them works
    against a 6.1 SP 2 WebLogic server.
    Jim
    [email protected] (Jim Doyle) wrote in message news:<[email protected]>...
    [snip]
    We looked all over the WebLogic 6.1 SP 2 installation for a newer
    version of the plugin (mod_wl_ssl.so) and found the same version as SP
    1. We double-checked that it was the Linux-specific installer
    (because we'd found that some Linux libraries are missing from the
    generic installer). [snip]

  • Discussion Server Authentication Failed From Inside FMW App

    Hi Community,
    My Env:
    Webcenter 11.1.1.3.0
    Weblogic 10.3.3
    The discussion server shipped with webcenter suite is Jive Forums Silver 5.5.20 .2-oracle.
    I wired the discussion server to embedded LDAP server of my weblogic server, and deployed an app that utilize the discussion service.
    But when accessing the app page, I got an exception "failure to authenticate the user pbrown, due to: Authentication Failed".
    The users do exist in LDAP server and I can login to http://server:8890/owc_discussions page with that users, I also granted all privileges to the users in jive console, but it doesn't work inside the app.
    My Jive server log:
    [2010-09-05T23:21:22.816-07:00] [WLS_Services] [ERROR] [] [org.codehaus.xfire.handler.DefaultFaultHandler] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [ecid: 0000If_hC7s5e_Vau1q2UH1CWBaI0000E_,0] [APP: owc_discussions#11.1.1.2.0] [dcid: bafcaeab2cd82008:-b3c6f44:12ad6d55fae:-8000-00000000000003c6] Fault occurred![[
    com.jivesoftware.base.UnauthorizedException: Authentication Failed
    at com.jivesoftware.forum.webservices.server.xfire.PermissionHandler.acquireAuthToken(PermissionHandler.java:194)
    at com.jivesoftware.forum.webservices.server.xfire.PermissionHandler.invoke(PermissionHandler.java:98)
    at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
    at org.codehaus.xfire.transport.DefaultEndpoint.onReceive(DefaultEndpoint.java:64)
    at org.codehaus.xfire.transport.AbstractChannel.receive(AbstractChannel.java:39)
    at org.codehaus.xfire.transport.http.XFireServletController.invoke(XFireServletController.java:287)
    at org.codehaus.xfire.transport.http.XFireServletController.doService(XFireServletController.java:130)
    at org.codehaus.xfire.transport.http.XFireServlet.doPost(XFireServlet.java:117)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:821)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
    at com.opensymphony.webwork.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:189)
    at com.jivesoftware.base.action.util.JiveFilterDispatcher.doFilter(JiveFilterDispatcher.java:69)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
    at com.jivesoftware.base.util.webwork.JiveActionContextCleanUp.doFilter(JiveActionContextCleanUp.java:38)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
    at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:330)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Log of the server that hosts the app:
    [2010-09-05T23:21:08.184-07:00] [AdminServer] [WARNING] [] [oracle.adf.controller.internal.metadata.MetadataService] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid: 0000If_h8YC5e_Vau1q2UH1CWBIO0001Nc,0] [APP: StoreFrontModule#V2.0] [dcid: bafcaeab2cd82008:3873773a:12ad6c38b8a:-8000-0000000000001665] ADFc: /WEB-INF/adfc-config.xml:
    [2010-09-05T23:21:08.185-07:00] [AdminServer] [WARNING] [ADFC-52024] [oracle.adf.controller.internal.metadata.MetadataService] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid: 0000If_h8YC5e_Vau1q2UH1CWBIO0001Nc,0] [APP: StoreFrontModule#V2.0] [dcid: bafcaeab2cd82008:3873773a:12ad6c38b8a:-8000-0000000000001665] [arg: shoppingCartBean] ADFc: Duplicate managed bean definition for 'shoppingCartBean' detected.
    [2010-09-05T23:21:08.190-07:00] [AdminServer] [ERROR] [] [org.apache.myfaces.trinidadinternal.application.StateManagerImpl] [tid: [ACTIVE].ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid: 0000If_h8YC5e_Vau1q2UH1CWBIO0001Nc,0] [APP: StoreFrontModule#V2.0] [dcid: bafcaeab2cd82008:3873773a:12ad6c38b8a:-8000-0000000000001665] Could not find saved view state for token uutg3hslp
    [2010-09-05T23:21:11.851-07:00] [AdminServer] [WARNING] [] [oracle.adfinternal.view.faces.renderkit.rich.NavigationPaneRenderer] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid: 0000If_h9SE5e_Vau1q2UH1CWBIO0001Ni,0] [APP: StoreFrontModule#V2.0] [dcid: bafcaeab2cd82008:3873773a:12ad6c38b8a:-8000-000000000000166f] Warning: There are no items to render for this level
    [2010-09-05T23:21:22.821-07:00] [AdminServer] [WARNING] [WCS-04013] [oracle.webcenter.collab.forum.internal.view.backing] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: pbrown] [ecid: 0000If_hC765e_Vau1q2UH1CWBIO0001Nm,0] [APP: StoreFrontModule#V2.0] [dcid: bafcaeab2cd82008:3873773a:12ad6c38b8a:-8000-0000000000001673] [arg: pbrown] [arg: Authentication Failed] failure to authenticate the user pbrown, due to: Authentication Failed[[
    oracle.webcenter.collab.share.LoginFailedException: failure to authenticate the user pbrown, due to: Authentication Failed
    at oracle.webcenter.collab.forum.internal.jive.JiveAuthenticator.handleException(JiveAuthenticator.java:304)
    at oracle.webcenter.collab.forum.internal.jive.JiveAuthenticator.login(JiveAuthenticator.java:247)
    at oracle.webcenter.collab.forum.internal.jive.JiveForumSession.login(JiveForumSession.java:128)
    at oracle.webcenter.collab.share.Session$1.call(Session.java:353)
    at oracle.webcenter.collab.share.Session$1.call(Session.java:347)
    at oracle.webcenter.concurrent.Submission$2.run(Submission.java:406)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
    at oracle.webcenter.concurrent.Submission.runAsPrivileged(Submission.java:420)
    at oracle.webcenter.concurrent.Submission.run(Submission.java:347)
    at oracle.webcenter.concurrent.Submission$SubmissionFutureTask.run(Submission.java:737)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:442)
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
    at java.util.concurrent.FutureTask.run(FutureTask.java:139)
    at oracle.webcenter.concurrent.ModifiedThreadPoolExecutor$Worker.runTask(ModifiedThreadPoolExecutor.java:657)
    at oracle.webcenter.concurrent.ModifiedThreadPoolExecutor$Worker.run(ModifiedThreadPoolExecutor.java:683)
    at java.lang.Thread.run(Thread.java:619)
    Caused by: Authentication Failed
    Thanks,
    Todd

    I have same problem here. used weblogic admin but still doesnt works. Thats amazing or not?
    oracle.webcenter.collab.share.LoginFailedException: failure to authenticate the user Weblogic, due to: Authentication Failed
    Edited by: José Carlos on 06/09/2010 06:56

  • Windows authentication fails from Mac browser when LB is in between

    (1)     A new instance of Windows server 2008 R2 is taken and IIS server is installed.
    On IIS server, ‘Windows Authentication’ is enabled and all the other authentication (anonymous, basic) is disabled.
    (2)     From Safari browser on Mac, a IIS resource (protected by Windows Authentication) is accessed by directly accessing IIS server. The resource access is successful.
    (3)     Now a Load Balancer is configured in front of IIS server.
    (4)     From Safari browser on Mac, a IIS resource (protected by Windows Authentication) is accessed by accessing load balancer. Here IIS server prompts for username and password.
    Seems that authentication negotiation is failing between Mac browser and IIS when LB is in between. Can somebody pls know the reason / resolution for this issue ?
    Thanks

    I was just helping someone with this same issue, and found this post searching for answers. I think it's a problem with your web hosting provider. It looks like whois is saying you both use readyhosting.net, is that right?
    If you go into the developer options and override the User Agent string, you can make the issue start and stop. When the user agent string starts with "Mozilla/5.0 (Windows NT 6.1", then the page with show the error message. If it starts with anything else, then it works fine.
    This, and the fact that you did not make any changes to your site makes it sound like your hosting provider changed something. You probably need to have them fix it somehow.

  • Certificate Authentication Failed

    I cannot install the adobe flash player on my windows xp because it will not run due to the authentication of certificate failed.

    Can you specify where you get Flash Player?

  • Remote access certificate authentication: moving from sha-1 to sha-2

    We have an ASA5520 supporting remote access clients using anyconnect; currently the environment is leveraging certificates using the sha-1 hash.      Our CA will no longer be deploying certificates with sha-1 and new users will be getting certificates with sha-2.  My question is in regard to migrating to the use of new certificates using sha-2.
    Will we need to deploy new certificates on the ASA and/or legacy clients, or will we be able to support clients with both hashes with no change?
    Any information you can offer will be appreciated.
    Per

    That depends on the CA. Many CAs give you the choice between SHA-1 and SHA256 when you submit your CSR.
    For other CAs like StartSSL, the used hashing is the same as the one used for the CSR. In that case you have to generate the CSR manually with openSSL or something similar.

  • Certificate authentication

    is there a fix for getting the error message "Certificate authentication failed" when installing adobe reader? I am logged in as Administrator, tried uninstalling previous versions, tried saving file to local drive and running install from there. even tried prevoius version 9.3, running windows XP w/ SP3.

    yes its possible and check this link for deployment and reference
    http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-5/user/guide/acsuserguide/eap_pap_phase.html

  • How do I get certificate authentication working across multiple domains?

    Hi,
    I've got LC ES2 set up for certificate authentication and when there's only one domain (with a single certificate mapping set up), it works fine.
    However would like to have multiple domains (application specific), with a small set of administrator type users who manage all of the domains.
    To test, I've set up two domains, with the admin users in one and the normal users in the other.
    I've set up two certificate mapping rules (both for the same CA), one for each domain.
    However LC will only authenticate users who are matched using the first certificate mapping rule.
    Has anyone else seen/tried this?  Have I missed something obvious?
    For the moment I'm going to have to work with a single domain, which is a pain, but will have to do for now.
    Thanks
    Craig
    Here's the error I get when LC fails to match (or attempt to match?) on the second cert mapping rule:
    2010-05-11 11:23:41,331 WARN  [com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] Authentication failed for  (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping . Refer to debug level logs for category com.adobe.idp.um.businesslogic.authentication for further details
    2010-05-11 11:36:38,835 WARN  [com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] Authentication failed for  (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping . Refer to debug level logs for category com.adobe.idp.um.businesslogic.authentication for further details
    2010-05-11 11:36:38,885 ERROR [STDERR] 11/05/2010 11:36:38 AM com.adobe.rightsmanagement.webservices.rest.RestServlet doAction
    SEVERE: Unexpected exception in Rest Call
    com.adobe.idp.um.api.UMException| [com.adobe.idp.um.api.impl.AuthenticationManagerImpl] errorCode:16423 errorCodeHEX:0x4027 message:Authentication failed for  (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mappingcom.adobe.idp.common.errors.exception.IDPException| [com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] errorCode:12805 errorCodeHEX:0x3205 message:Authentication failed for  (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping
    at com.adobe.idp.um.api.impl.ManagerImpl.handleException(ManagerImpl.java:251)
    at com.adobe.idp.um.api.impl.ManagerImpl.handleException(ManagerImpl.java:194)
    at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.authenticate(AuthenticationManagerImp l.java:338)
    at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.authenticate(AuthenticationManagerImp l.java:154)
    at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.authenticate(AuthenticationManagerImp l.java:162)
    at com.adobe.idp.um.dsc.util.dscservice.UserManagerUtilServiceImpl.authenticateWithWSHeaderE lement(UserManagerUtilServiceImpl.java:173)
    at sun.reflect.GeneratedMethodAccessor1065.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at com.adobe.idp.dsc.component.impl.DefaultPOJOInvokerImpl.invoke(DefaultPOJOInvokerImpl.jav a:118)
    at com.adobe.idp.dsc.interceptor.impl.InvocationInterceptor.intercept(InvocationInterceptor. java:140)
    at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
    at com.adobe.idp.dsc.interceptor.impl.DocumentPassivationInterceptor.intercept(DocumentPassi vationInterceptor.java:53)
    at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
    at com.adobe.idp.dsc.transaction.interceptor.TransactionInterceptor$1.doInTransaction(Transa ctionInterceptor.java:74)
    at com.adobe.idp.dsc.transaction.impl.ejb.adapter.EjbTransactionBMTAdapterBean.doRequiresNew (EjbTransactionBMTAdapterBean.java:218)
    at sun.reflect.GeneratedMethodAccessor363.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.jboss.invocation.Invocation.performCall(Invocation.java:359)
    at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionConta iner.java:237)
    at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionI nterceptor.java:158)
    at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
    at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
    at org.jboss.ejb.plugins.AbstractTxInterceptorBMT.invokeNext(AbstractTxInterceptorBMT.java:1 73)
    at org.jboss.ejb.plugins.TxInterceptorBMT.invoke(TxInterceptorBMT.java:77)
    at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstance Interceptor.java:169)
    at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)
    at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
    at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor. java:138)
    at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
    at org.jboss.ejb.Container.invoke(Container.java:960)
    at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:430)
    at org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:103)
    at $Proxy179.doRequiresNew(Unknown Source)
    at com.adobe.idp.dsc.transaction.impl.ejb.EjbTransactionProvider.execute(EjbTransactionProvi der.java:145)
    at com.adobe.idp.dsc.transaction.interceptor.TransactionInterceptor.intercept(TransactionInt erceptor.java:72)
    at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
    at com.adobe.idp.dsc.interceptor.impl.InvocationStrategyInterceptor.intercept(InvocationStra tegyInterceptor.java:55)
    at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
    at com.adobe.idp.dsc.interceptor.impl.InvalidStateInterceptor.intercept(InvalidStateIntercep tor.java:37)
    at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
    at com.adobe.idp.dsc.interceptor.impl.AuthorizationInterceptor.intercept(AuthorizationInterc eptor.java:165)
    at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
    at com.adobe.idp.dsc.interceptor.impl.JMXInterceptor.intercept(JMXInterceptor.java:48)
    at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
    at com.adobe.idp.dsc.engine.impl.ServiceEngineImpl.invoke(ServiceEngineImpl.java:121)
    at com.adobe.idp.dsc.routing.Router.routeRequest(Router.java:129)
    at com.adobe.idp.dsc.provider.impl.base.AbstractMessageReceiver.routeMessage(AbstractMessage Receiver.java:93)
    at com.adobe.idp.dsc.provider.impl.vm.VMMessageDispatcher.doSend(VMMessageDispatcher.java:22 5)
    at com.adobe.idp.dsc.provider.impl.base.AbstractMessageDispatcher.send(AbstractMessageDispat cher.java:66)
    at com.adobe.idp.dsc.clientsdk.ServiceClient.invoke(ServiceClient.java:208)
    at com.adobe.idp.um.dsc.util.client.UserManagerUtilServiceClient.authenticate(UserManagerUti lServiceClient.java:210)
    at com.adobe.edc.server.platform.UMHelper.authenticate(UMHelper.java:549)
    at com.adobe.rightsmanagement.webservices.rest.RestFacade.validateClientAuthenticationHeader (RestFacade.java:161)
    at com.adobe.rightsmanagement.webservices.rest.RestFacade.getBusinessHandler(RestFacade.java :206)
    at com.adobe.rightsmanagement.webservices.rest.RestFacade.getAuthenticationToken(RestFacade. java:226)
    at com.adobe.rightsmanagement.webservices.rest.RestDefaultRequestHandler.handleRequest(RestD efaultRequestHandler.java:29)
    at com.adobe.rightsmanagement.webservices.rest.RestSecureRequestHandler.handleRequest(RestSe cureRequestHandler.java:13)
    at com.adobe.rightsmanagement.webservices.rest.RestRequestRouter.routeRequest(RestRequestRou ter.java:10)
    at com.adobe.rightsmanagement.webservices.rest.RestServlet.doAction(RestServlet.java:50)
    at com.adobe.rightsmanagement.webservices.rest.RestServlet.doGet(RestServlet.java:37)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
    at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.ja va:179)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java: 157)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
    a
    2010-05-11 11:36:38,886 ERROR [STDERR] t org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.ja va:580)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Unknown Source)

    Craig,
    The certificate mapping works in the following manner,
    First the User's certificate is validated.
    If the certificate is valid, the related Certificate mapping information is fetched.
    From the Certificate Mapping information, the domain is determined.
    Following this, the user is searched in the domain and checked for it's current/deleted status.
    If user exists or is a valid one, then return an AuthResult corresponding to that is returned to the client.
    The error log below says, "Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping"
    1. Please check if the concerned user exists in the domain registered in the second cert mapping.
    2. Also check if the concerned user satisfies the attribute mapping specified in the second cert mapping.
    3. Could you confirm whether the admin Users and the normal users are distinct in both the domains and not duplicate in any of them??
       Because if same user exists in 2 domains, then there is no way to find out which domain you are referring to. In that case the first domain which declares the user as valid will return the AuthResult.
    4. You are using LC ES2, so there is a Test Certificate utlity on the same Certificate Mapping page, which can help you confirm the validity of the user's certificate and then you can proceed.

  • Certicate authentication failed

    i have downloaded the latest flash player from adobe.com, but it always shows ( Certificate authentication failed when i try to install it. Can someone help me to solve the problem? thank u so much..

    What is your operating system & version?
    What is your web Firefox version?
    What is your Flash Player version?  See http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_ Player_version_installed_on_your_machine

  • Having trouble installing adobe flash player- keep getting "Certificate Authintication failed", help

    having trouble installing flash player, keep getting "certificate authentication failed", did all the troubleshooting - did "unistall" stil nothing works.  Any suggestions

    What is your operating system & version?
    What is your web browser?
    [topic moved to Flash Player forum]

Maybe you are looking for

  • Schedule program in background & send output list as group email

    Hello all, I have a requirement where I have to schedule a job in background. If there happen to be an output, this output needs to be sent to the email id's stored in a Z Table. Please let me know how to proceed. Regards, Salil

  • Connecting laptop to net work printer

    How do I use a Usb flash drive to connect my laptop to my network printer?

  • Procedure for select command

    Can any one please tell me how to create a procedure for this query "Select * from <table_name>"? I have tried in oracal 10g its throws the error."PLS-00428: an INTO clause is expected in this SELECT statement". In sql server we can go and directly p

  • Is indexing HD necessary?

    I found this post about indexing a hard drive, http://discussions.apple.com/thread.jspa?messageID=692070. One of the replies said indexing was time consuming and unnecessary. They also mentioned they personally index only their documents folder, beca

  • Everytime I try to setup and email alias I get a server error. What gives?

    I've been trying for days to set up and email alias and this is what I get. Am I doing something wrong or is iCloud having issues?