Certificate user redirected to Username/Password page

Has anyone seen a user who is setup for certificate authentication, after selecting their authentication certificate, they are redirected to the username/password page.  If you have, what do you think is causing this phenomenon?

  • If certificate checks are failing and the Fail option is set to FailSecure then TPAM will likely redirect to the main login page with the username and password prompt as authentication was denied.

    There are 3 Fail options available (can be verified in /admin interface > Keys menu > TPAM Trusted CA Certificates) and they are as follows:

    1. None - only the Thumbprint is used for verification.
    2. Failsafe - authentication is permitted if the OCSP response is “good”, or if the thumbprint matches.
    3. Failsecure - authentication is denied if the OCSP responder gives any response other than “good”.

    You may use the option Failsafe instead of Failsecure for the Fail Option setting, as that would allow TPAM to check the user's certificate thumbprint if the OCSP responder(s) are not available.

    Enhancement #10226 has been included in TPAM v2.5.921 to add additional logging related to OCSP (Online Certificate Status Protocol) check failures to the Security log.