SAP Knowledge Base Article - Preview

1851929 - x.509 authentication fails with CERT_NOT_UNIQUE

Symptom

  1. The AS Java is configured for x.509 client certification authentication
  2. Authentication takes place based on established mappings of client certificates to user accounts in the UME i.e. the ClientCertLoginModule rule Rulex.getUserFrom=wholeCert is used for authentication 
  3. x.509 client certificate authentication fails for one or more users and when the failing authentication is captured using the web diagtool or security troubleshooting wizard (Authentication specific locations) the following exception can be found written with DEBUG severity

Exception on login: 
[EXCEPTION]
com.sap.security.core.server.userstore.UserstoreException: Could not get user 
at com.sap.security.core.server.userstore.UserContextUME.engineGetUserInfo(UserContextUME.java:277)
at com.sap.engine.services.security.userstore.context.UserContext.getUserInfo(UserContext.java:120)
at com.sap.engine.services.security.server.jaas.ClientCertLoginModule.getUserNameFromCert(ClientCertLoginModule.java:363)

Caused by: com.sap.security.api.DuplicateKeyException: CERT_NOT_UNIQUE
at com.sap.security.core.imp.UserAccountFactory.getUserAccount(UserAccountFactory.java:1058)
at com.sap.security.core.imp.UserAccountFactory.getUserAccount(UserAccountFactory.java:977)
at com.sap.security.core.imp.UserAccountFactory.getUserAccount(UserAccountFactory.java:1131)
at com.sap.security.core.server.userstore.UserContextUME.engineGetUserInfo(UserContextUME.java:272)
... 64 more


Read more...

Environment

  • Netweaver AS Java 6.40
  • Netweaver AS Java 7.0x
  • Netweaver AS Java 7.1x
  • Netweaver AS Java 7.2x
  • Netweaver AS Java 7.3x

Product

SAP NetWeaver 2004 ; SAP NetWeaver 7.0 ; SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver Application Server for Java 7.1 ; SAP NetWeaver Application Server for Java 7.2 ; SAP enhancement package 1 for SAP NetWeaver 7.0 ; SAP enhancement package 1 for SAP NetWeaver 7.3 ; SAP enhancement package 1 for SAP NetWeaver Application Server for Java 7.1 ; SAP enhancement package 2 for SAP NetWeaver 7.0 ; SAP enhancement package 3 for SAP NetWeaver 7.0

Keywords

KBA , BC-JAS-SEC-LGN , Logon, SSO , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.