Invalid Authentication Configuration Error with BorderManager 3.9

  • 7000949
  • 16-Jul-2008
  • 26-Apr-2012

Environment

Novell BorderManager 3.9 Support Pack 1
Novell BorderManager 3.9

Situation

When attempting to use BorderManager Proxy, the user receives an error message: HTTP 403 access denied - Invalid Authentication configuration.

Resolution

Steps to resolve issue:
  1. In iManager, go to Proxy Services. Select the BorderManager 3.9 server and choose OK.
  2. Click on HTTP under Authentication Context.
  3. Verify that the SSL Listening Port is set and does not conflict with the Apache Web server or any other SSL listener (the default port is 444).
  4. Verify that a certificate is selected in the Key ID. This can be any certificate in the drop-down list, but is usually either SSL CertificateIP or SSL CertificateDNS.
  5. Under the Context Tab, there should be a list of Contexts where the users are located. If there are entries, verify that they are correct.
  6. Apply the changes and test. If authentication still fails, continue to the next step.
  7. Unload BorderManager services.
  8. Run PKIDIAG, authenticate with a valid admin ID.
  9. Select option 4, verify it reads "Fix Mode."
  10. Select option 6, verify it reads "Always Rename and Create."
  11. Select option 0, run fix.
  12. Run PKIDIAG again and choose option 4, then option 0.
  13. Continue running this until the summary returns 0 problems found, 0 problems fixed.
  14. Restart BorderManager on the server.
  15. In iManager, go to Proxy Services.
  16. Select the BM 3.9 server and choose OK.
  17. Click on HTTP under Authentication Context.
  18. Select a certificate in the Key ID drop-down (the certificate previously selected).
  19. Click OK after selecting a certificate.
  20. Apply changes.
  21. Retest with a user attempting to go through the proxy.

The problem was a corrupt SSL certificate (SSL CertificateIP in this case), which PKIDIAG recreated. Once the SSL certificate was recreated and selected, the "HTTP 403 access denied - Invalid Authentication configuration" error no longer occurred.