SAP Knowledge Base Article - Preview

2523632 - SMP x.509 certificate authentication fails with 401, SSL_CLIENT_CERT header is specified but the user is not granted "Impersonator" role" error messages

Symptom

SMP is configured to use x.509 certificate authentication provider to authenticate mobile users, but the authentication fails with the below error messages:

Fetching security context failed for: 'null'
No AuthenticationEntryPoint was set during login attempt. Falling back to HTTP 401 + WWW-Authenticate 
"Authentication failed. SSL_CLIENT_CERT header is specified but the user is not granted "Impersonator" role"
Authentication Failed for: 'null'
Authentication failed for user null
CheckIfSessionExists returned false. Was logged out due to webapp switch false
authfilter-1: Security Configuration set to: '<AuthProfileName'
front-end-https: On
connection: close
content-length: 518
clientprotocol: https
Cookie: sapextlb_OQ5=SAP_WDISP_EXTSRV_0_F5DC34442BBB7C99 Expires: -1, Domain: null, Secure: false, HttpOnly: false
user-agent: Dalvik/2.1.0 (Linux; U; Android 7.0; Android SDK built for x86 Build/NYC)
ssl_client_cert: -----BEGIN CERTIFICATE----- <cert> -----END CERTIFICATE-----
ssl_cipher_usekeysize: 256
ssl_cipher_suite: ECDHE-RSA-AES256-GCM-SHA384
x-forwarded-for: 194.68.2.130
x-forwarded-proto: https
POST /odata/applications/v4/<>/Connections/ HTTP/1.1
host: test.ifa.mt.com
accept: */*
content-type: application/atom+xml;charset=utf-8


Read more...

Environment

 SAP Mobile Platform (SMP) 3.0 OData Runtime

Product

SAP NetWeaver 7.4

Keywords

x.509, x509, xml, cert, certificate, authentication, subjectDN, distinguished name, dn, cn, 401, 403, not authenticated, fail, fails, failed , KBA , MOB-ONP-SEC , SAP Mobile On Premise Security , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.