certificate auth scheme failing

Document ID : KB000111953
Last Modified Date : 30/08/2018
Show Technical Document Details
Issue:
When configuring X509 certificate authentication, the we see the authentication scheme load but when an authentication attempt is made the following error is logged:

[08/22/2018][09:21:00][3907033968][][][][][][][][][][][][][][LogMessage:ERROR:[sm-LoginLogout-00870] Certificate Authentication Scheme initialization failed, please check your configuration and restart policy server to try again][][][09:21:00.241][2496][SmAuthCert.cpp:4978][][][]
Environment:
12.52 SP1 CR5
Linux
Cause:
The x509 auth scheme needs to make CRL requests, which it utilizes the "curl" library for issuing these calls to the CRL service.  One of curl's dependencies is on the Internationalized Domain Name library for working with the domain names for requests.  This library currently is not bundled with the policy server, and if it is missing from the Linux OS the policy server is running on, it will issue this type of error trying to use the x509 auth scheme, even if CRL is not configured to be used. 
Resolution:
Locate and install the proper "libidn" package for your RedHat linux system.