SAP Knowledge Base Article - Preview

2523632 - SMP x.509 certificate authentication fails with 401, SSL_CLIENT_CERT header is specified but the user is not granted "Impersonator" role" error messages


SMP is configured to use x.509 certificate authentication provider to authenticate mobile users, but the authentication fails with the below error messages:

Fetching security context failed for: 'null'
No AuthenticationEntryPoint was set during login attempt. Falling back to HTTP 401 + WWW-Authenticate 
"Authentication failed. SSL_CLIENT_CERT header is specified but the user is not granted "Impersonator" role"
Authentication Failed for: 'null'
Authentication failed for user null
CheckIfSessionExists returned false. Was logged out due to webapp switch false
authfilter-1: Security Configuration set to: '<AuthProfileName'
front-end-https: On
connection: close
content-length: 518
clientprotocol: https
Cookie: sapextlb_OQ5=SAP_WDISP_EXTSRV_0_F5DC34442BBB7C99 Expires: -1, Domain: null, Secure: false, HttpOnly: false
user-agent: Dalvik/2.1.0 (Linux; U; Android 7.0; Android SDK built for x86 Build/NYC)
ssl_client_cert: -----BEGIN CERTIFICATE----- <cert> -----END CERTIFICATE-----
ssl_cipher_usekeysize: 256
ssl_cipher_suite: ECDHE-RSA-AES256-GCM-SHA384
x-forwarded-proto: https
POST /odata/applications/v4/<>/Connections/ HTTP/1.1
accept: */*
content-type: application/atom+xml;charset=utf-8



 SAP Mobile Platform (SMP) 3.0 OData Runtime


SAP Mobile Platform all versions


x.509, x509, xml, cert, certificate, authentication, subjectDN, distinguished name, dn, cn, 401, 403, not authenticated, fail, fails, failed , KBA , MOB-ONP-SEC , SAP Mobile On Premise Security , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.