We are currently working for a customer (ICAP / EBS) with Access Manager
version 3.1 SP5 (latest patch).

NAM 3.1.5-42
Identity Server
Access Gateway 3.1.5-42-6C61D19AC0408ED9

We are encountering the following issue with Password + certificate:

The user authenticates using Password first (works fine), then the user is
prompted for a certificate (pick the wrong one for testing purposes) but still
gets authenticated to the application, and the subject name of the wrong
certificate gets added to the sasAllowableSubjectNames attribute.

We then removed this option by unchecking Auto Provision X509, but
then as soon as we authenticate we get the following error: User
Certificate Authentication Failed Certification path could not be
validated. I am attaching the log file to this request so that you can
take a look at it; we have enabled the full log of the IDP server in
order to gather as much information as we can.

|Filename: NIDP.2014-12-03.doc.zip |
|Download: https://forums.netiq.com/attachment....tachmentid=229 |
