X.509 Cert authentication fails returning the error NO_CERTMAP_OBJECT

Document ID:  TEC1344561
Last Modified Date:  06/14/2017
{{active ? 'Hide' : 'Show'}} Technical Document Details

Products

  • CA Single Sign-On

Releases

  • CA Single Sign-On:Release:12.52 SP1
  • CA Single Sign-On:Release:12.52
  • CA Single Sign-On:Release:12.52 SP2
  • CA Single Sign-On:Release:12.6.1

Components

  • SITEMINDER -POLICY SERVER:SMPLC
Question:

We are configuring X.509 certificate authentication, and after we have setup certificates and created the certificate mapping, we cannot authenticate the users as they are rejected by the Policy Server. When checking the Policy Server traces, we see the following error:

[SmAuthenticate][][][][][][-2][][NO_CERTMAP_OBJECT][][][][][][Unable to find issuer DN in certificate mapping rules][][][][][]

[SmAuthenticate][][][][][][][][][][][][][][][Authentication failed][][][][][][][][][][][][][][][][]

What does the NO_CERTMAP_OBJECT mean? How can we solve this issue?

Answer:

This error occurs when the Policy Server tries to match the certificate Issuer DN with the Certificate Mapping Issuer DN field, and does not succeed. If the mapping is not created, the same error will happen.

To solve the issue you need to ensure the Issuer DN field in the Certificate Mapping matches exactly the certificate Issuer DN, including spaces and other characters.

Additional Information:

This problem has already identified in a previous tech note : https://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec529423.html. But this is more a authentication scheme issue.

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255

{{status}}

Not what you were looking for?

Search Again >

Product Information

Support by Product >

Communities

Join a Community >

Chat with CA

Just give us some brief information and we'll connect you to the right CA ExpertCA sales representative.

Our hours of availability are 8AM - 5PM CST.

All Fields Required

connecting

We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{message.agentProfile.name}} will be helping you today.

    View Profile


  • Transfered to {{message.agentProfile.name}}

    {{message.agentProfile.name}} joined the conversation

    {{message.agentProfile.name}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1].agentProfile.name}} has ended.
    Thank you for your interest in CA.


    Rate Your Chat Experience.

    {{chat.statusMsg}}

agent is typing