Fails to log in to IdM WebUI with certificate/smartcard: cannot perform post-handshake authentication
Issue
Fails to log in to IdM WebUI with certificate/smartcard
- IdM server has been configured for smart card authentication
- Certificate has also been added to a user
- Attempting to log in to WebUI using smart card. After clicking "Log In Using Certificate", an "Authentication with personal certificate failed" error message is displayed in the browser.
- Corresponding log message for the HTTP request is found in /var/log/httpd/access_log:
    <...> "GET /ipa/session/login_x509 HTTP/1.1" 403 258
- Error messages with the same timestamp have also been recorded in /var/log/httpd/error_log:
    [ssl:error] [pid <...>] [client www.xxx.yyy.zzz:39626] AH: verify client post handshake, referer: https://idm.example.com/ipa/ui/
    [ssl:error] [pid <...>] [client www.xxx.yyy.zzz:39626] AH10158: cannot perform post-handshake authentication, referer: https://idm.example.com/ipa/ui/
    [ssl:error] [pid <...>] SSL Library Error: error:14268117:SSL routines:SSL_verify_client_post_handshake:extension not received
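To confirm that a given 403 on /ipa/session/login_x509 is this issue and not an unrelated rejection, the two logs can be correlated by client address and timestamp. The following is an added example, not part of the original article; it assumes httpd's default access and error log formats, and the sample lines and function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in httpd's default log formats; timestamps, PIDs and
# the 192.0.2.x client addresses are made up for this example.
ACCESS_LOG = """\
192.0.2.10 - - [12/Mar/2024:10:15:30 +0000] "GET /ipa/ui/ HTTP/1.1" 200 1841
192.0.2.10 - - [12/Mar/2024:10:15:32 +0000] "GET /ipa/session/login_x509 HTTP/1.1" 403 258
192.0.2.77 - - [12/Mar/2024:10:16:05 +0000] "GET /ipa/session/login_x509 HTTP/1.1" 403 258
"""
ERROR_LOG = """\
[Tue Mar 12 10:15:32.101522 2024] [ssl:error] [pid 2211:tid 2301] [client 192.0.2.10:39626] AH10158: cannot perform post-handshake authentication, referer: https://idm.example.com/ipa/ui/
[Tue Mar 12 10:15:32.101760 2024] [ssl:error] [pid 2211:tid 2301] SSL Library Error: error:14268117:SSL routines:SSL_verify_client_post_handshake:extension not received
"""

# 403 responses to the certificate login endpoint: (client address, timestamp).
ACCESS_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET /ipa/session/login_x509 [^"]*" 403 ')
# AH10158 records from mod_ssl: (timestamp, year, client address without port).
ERROR_RE = re.compile(
    r'^\[\w{3} (\w{3} +\d+ [\d:]+)\.\d+ (\d{4})\] \[ssl:error\] '
    r'.*?\[client ([^\]]+):\d+\] AH10158: ')

def failed_cert_logins(access_text):
    for line in access_text.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            # Drop the UTC offset: error_log carries local wall-clock time only.
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield m.group(1), ts.replace(tzinfo=None)

def post_handshake_errors(error_text):
    for line in error_text.splitlines():
        m = ERROR_RE.match(line)
        if m:
            ts = datetime.strptime(f"{m.group(1)} {m.group(2)}", "%b %d %H:%M:%S %Y")
            yield m.group(3), ts

def correlate(access_text, error_text, slack=timedelta(seconds=1)):
    """Mark each failed certificate login that has an AH10158 from the same client."""
    errors = list(post_handshake_errors(error_text))
    return [(ip, ts, any(ip == e_ip and abs(ts - e_ts) <= slack for e_ip, e_ts in errors))
            for ip, ts in failed_cert_logins(access_text)]

if __name__ == "__main__":
    for ip, ts, matched in correlate(ACCESS_LOG, ERROR_LOG):
        verdict = "post-handshake authentication failure" if matched else "403 for another reason"
        print(f"{ts} {ip}: {verdict}")
```

A 403 with no matching AH10158 record, like the second client in the sample, points to a different cause and should be investigated separately.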
Environment
- Red Hat Enterprise Linux 8.2 or newer
- Red Hat Identity Management (IdM) / FreeIPA
- ipa-server
- httpd