Certificate Authentication Scheme Failing on RedHat Linux

Document ID : KB000020040
Last Modified Date : 14/02/2018

Description:

When an X509 Client Certificate authentication scheme is configured on RedHat Linux, authentication attempts fail.
The smps.log reports "Failed to initialize authentication scheme 'xxxx'",
where xxxx is the actual name of the authentication scheme.

Solution:

To find the root cause, enable Policy Server tracing.
With Policy Server tracing enabled, we saw the following error messages:
"Configuration file not found: '/apps/siteminder/config/SMocsp.conf'" and also "Error loading libcurl.dll"

We asked the customer to run ldd on libcurl.so. (Note: there is a bug in how this error message is reported. On Solaris the file extension is not dll, it's .so. This bug will be fixed in newer releases.)
Check that the OS-dependent library libidn.so.11 is not missing from the system. It is loaded by ./lib/libcurl.so.

ldd ./lib/libcurl.so
linux-gate.so.1 => (0x006ed000)
libidn.so.11 => not found
librt.so.1 => /lib/librt.so.1 (0x001c5000)
libdl.so.2 => /lib/libdl.so.2 (0x004f1000)
libz.so.1 => /apps/siteminder/lib/libz.so.1 (0x00406000)
libc.so.6 => /lib/libc.so.6 (0x001ce000)
libpthread.so.0 => /lib/libpthread.so.0 (0x0093b000)
/lib/ld-linux.so.2 (0x00b3c000)

Note: libcurl.so is under the <siteminder_home>/lib directory.
The ldd output makes it clear that the libidn.so.11 file is missing. We asked the customer to install this library (it is an OS library), stop and start the Policy Server, and repeat the test.
This resolved the problem.
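
The same ldd check, generalized to every shared object in a library directory so that other unresolved dependencies are found in one pass. This is an added example, not part of the original article or the product; the function names and the directory argument are assumptions.

```shell
#!/bin/sh
# Added example: list shared-library dependencies the dynamic loader cannot resolve.
# Run it as the Policy Server user with the same LD_LIBRARY_PATH the server uses,
# because ldd resolves libraries through the caller's environment.
# Run ldd only on libraries you trust (here, the product's own lib directory).

# Read ldd output on stdin and print each dependency marked "not found".
missing_deps() {
    awk '/=> not found/ { print $1 }'
}

# Run ldd on every shared object in a directory (hypothetical helper).
# Prints "<library>: <missing dependency>" and returns 1 if anything is missing.
scan_lib_dir() {
    dir=$1
    status=0
    for lib in "$dir"/*.so*; do
        [ -f "$lib" ] || continue
        for dep in $(ldd "$lib" 2>/dev/null | missing_deps); do
            echo "$lib: $dep"
            status=1
        done
    done
    return $status
}

# Constructed sample: the ldd output quoted in this article.
sample_ldd_output() {
    cat <<'EOF'
linux-gate.so.1 => (0x006ed000)
libidn.so.11 => not found
librt.so.1 => /lib/librt.so.1 (0x001c5000)
libdl.so.2 => /lib/libdl.so.2 (0x004f1000)
libz.so.1 => /apps/siteminder/lib/libz.so.1 (0x00406000)
libc.so.6 => /lib/libc.so.6 (0x001ce000)
libpthread.so.0 => /lib/libpthread.so.0 (0x0093b000)
/lib/ld-linux.so.2 (0x00b3c000)
EOF
}

# Usage: sh check_deps.sh <siteminder_home>/lib
if [ -n "${1:-}" ]; then
    scan_lib_dir "$1" || exit 1
fi
```

An exit status of 1 means at least one library has an unresolved dependency; install the missing OS library and restart the Policy Server before testing again.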