Users not prompted to re-authenticate as expected when launching SecureLogin enabled application

  • 7023810
  • 08-Apr-2019
  • 09-Apr-2019

Environment

NetIQ SecureLogin
SecureLogin 8.7.0.1
NSL8.7.0.1
Advanced Authentication 6.2
AAF Client 6.2
Windows 10
Advanced Authentication selected during SecureLogin installation

Situation

User is not prompted to re-authenticate when launching application
Application is configured in SecureLogin to require re-authentication before allowing user access (AAVerify)

Error returned on re-authentication:
"The remote certificate is invalid according to the validation procedure"

Resolution

Configure a valid certificate on the Advanced Authentication server.  

Workaround for POC or demo purposes:

Set DisableSSLCheck to 1 in the registry at:

HKEY_LOCAL_MACHINE\SOFTWARE\Novell\SecureLogin\AdvancedAuthentication
DWORD DisableSSLCheck
Set to 1 to disable the SSL check
Set to 0 (default) to enable the SSL check

See the online documentation at

Cause

A self-signed certificate was installed on the Advanced Authentication server.
SecureLogin checks for a secure connection when attaching to the Advanced Authentication server, and will return the above error if the connection is not secure. SecureLogin connections to AA servers are not supported with self-signed certificates.
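
The following PowerShell check is an added example, not part of the original article and not NetIQ code. Run on a workstation, it reports whether the DisableSSLCheck workaround is still set and how .NET certificate validation on that machine judges the Advanced Authentication server's certificate. The host name aaf.example.test and port 443 are placeholders, and a missing registry value is assumed to mean the documented default of 0.

```powershell
# Added example, not vendor code. The host name below is a placeholder.
function Get-SecureLoginSslCheckState {
    $key  = 'HKLM:\SOFTWARE\Novell\SecureLogin\AdvancedAuthentication'
    $prop = Get-ItemProperty -Path $key -Name DisableSSLCheck -ErrorAction SilentlyContinue
    # Assumption: a missing value means the documented default of 0 (check enabled).
    $value = if ($prop) { [int]$prop.DisableSSLCheck } else { 0 }
    [pscustomobject]@{ Key = $key; DisableSSLCheck = $value; SslCheckEnabled = ($value -ne 1) }
}

function Test-AAServerCertificate {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)  # 443 is an assumption
    $seen = @{ Errors = $null; Subject = $null; Issuer = $null; NotAfter = $null; Chain = @() }
    # Strict callback: record why validation failed, accept only a clean result.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($source, $cert, $chain, $policyErrors)
        $seen.Errors = $policyErrors
        if ($cert) {
            $c = [System.Security.Cryptography.X509Certificates.X509Certificate2]$cert
            $seen.Subject = $c.Subject; $seen.Issuer = $c.Issuer; $seen.NotAfter = $c.NotAfter
        }
        if ($chain) { $seen.Chain = @($chain.ChainStatus | ForEach-Object { $_.Status }) }
        return ($policyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
    }
    $trusted = $false; $failure = $null; $ssl = $null
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)   # throws if the callback rejected the certificate
        $trusted = $true
    } catch {
        $failure = $_.Exception.GetBaseException().Message
    } finally {
        if ($ssl) { $ssl.Close() }
        $tcp.Close()
    }
    [pscustomobject]@{
        Server = "${HostName}:$Port"; Trusted = $trusted; Failure = $failure
        PolicyErrors = $seen.Errors; ChainStatus = ($seen.Chain -join ', ')
        SelfSigned = [bool]($seen.Subject -and $seen.Subject -eq $seen.Issuer)
        Subject = $seen.Subject; Issuer = $seen.Issuer; NotAfter = $seen.NotAfter
    }
}

Get-SecureLoginSslCheckState
Test-AAServerCertificate -HostName 'aaf.example.test'   # placeholder host name
```

A result with SelfSigned set to True and ChainStatus of UntrustedRoot matches the cause described above; once a valid certificate is installed, Trusted should be True with DisableSSLCheck left at 0.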