Cannot obtain certificate
Symptoms
After successful Veridium authentication, the Credential Provider shows the error message "Unable to obtain certificate for login."
Message in the Windows Server – VeridiumRA event type:
{
"Module": "VeridiumRA",
"Method": "POST:api/BopsCertificate",
"UPN": "",
"EVENT_SOURCE": "VeridiumRA",
"ThreadID": 14,
"Messages": [
{
"variable": "Info",
"value": "ValidateTokenRequest - Check Identity token format JSON"
},
{
"variable": "Info",
"value": "ValidateTokenRequest - Identity token format is JWT"
},
{
"variable": "Error",
"value": "GetUserCertificate: Veridium Token failed validation: IDX10223: Lifetime validation failed. The token is expired. ValidTo: 'System.DateTime', Current time: 'System.DateTime'."
},
{
"variable": "Error",
"value": "GetUserCertificate: System.Exception: Veridium Token failed validation: IDX10223: Lifetime validation failed. The token is expired. ValidTo: 'System.DateTime', Current time: 'System.DateTime'.\r\n at RaWebApp.Controllers.BopsCertificateController.ValidateTokenRequest(Activity a, RACertificatRequest request)\r\n at RaWebApp.Controllers.BopsCertificateController.Post(RACertificatRequest request)"
}
],
"TimeProfile": [],
"InputParameters": [
{
"variable": "request.bopsToken",
"value": "eyJraWQiOiJmN2IxN2IxMC03NmY2LTRhYWYtYWEwYi1kY2Q4NjNiNTUzOGYiLCJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJmNGQ2MDRmMy02NGU3LTRmNDgtOWYxYy1jMGI4Mzc1ZGJjNzEiLCJzdWIiOiJTLTEtNS0yMS0yMDExNjYxODQxLTQyNjUzMTU4NTgtMzgwMTc4MDgyNS0xMTA1IiwiYXVkIjpbIkFEdjJNdWx0aVN0ZXBFbnJvbGxtZW50IiwiZWIwMzk3NWQtZmUzMy00Y2RlLWE1ZDctNTE0OGY3MWUzYzE3Il0sImlzcyI6IlZlcmlkaXVtSUQiLCJleHAiOjE2NTE2NTc5NTUsImlhdCI6MTY1MTY1Nzg5NSwidHQiOm51bGwsInRjIjoiMzJmNzdmY2QzOWRiZWNlMTQ3ZDYwYWQ5Zjc1ZDkxZDhiYWFhNzExY2U0YjFjMGQzZDA1OGYxMDljZWFjOWEyMyIsInNpZCI6Ijc2YmIzNjk1LTZmMDgtNGNkYS1iNGZiLWZjNGZiZDM1Zjk1ZiIsImFkIjoiY2I2ZmY5ZjQtZjZhMC00MzllLTk4N2YtMjE0ZjEzYzNmZTExIiwiZWQiOiJlYjAzOTc1ZC1mZTMzLTRjZGUtYTVkNy01MTQ4ZjcxZTNjMTciLCJ1cG4iOiJ0ZXN0dXNlckBwYXJ0bmVyLWZyLmxvY2FsIiwibG9jYXRpb24iOnsiaXAiOm51bGwsImNvdW50cnlDb2RlIjoiRlIiLCJzb3VyY2UiOiJNT0JJTEUiLCJjb3VudHJ5TmFtZSI6IkZyYW5jZSIsInJlZ2lvbkNvZGUiOm51bGwsInJlZ2lvbk5hbWUiOm51bGwsImNpdHkiOm51bGwsImRpc3RyaWN0IjpudWxsLCJzdHJlZXQiOm51bGwsInN0cmVldE51bWJlciI6bnVsbCwicG9zdGFsQ29kZSI6bnVsbCwiY29vcmRpbmF0ZXMiOm51bGwsImFjY3VyYWN5Ijo0LjU4ODE4OTU2MzIxNTMxLCJlcnJvckNvZGUiOjB9fQ.QO6jv8p8eVjmV9Vi7zgtFRYjic266DnnxEi8Z9aGwEg9o3UM0xFwnD83rwA0O77HD2pNXrjlUVPgeRkdNeHbdARWcgkccF3s_cN4xTciktKUbZu7zB98pIo_eKfOwkL2eWrBt8uSMj8jl-jqB24B3LlWmZPzZ9SqQmclGQphFcDOu4E6BGSukTmmiJlM8vuHA4ofnkl0B_hwSMabz8TymlRO9SPDCF4aT238FijJnkd2eOmt19py7KflPeUEb03hCGnG2_jFEbUU-QGY_z9yUIuYv-tKwoRiLOlwgPEVVoTTIxXxjo_FY6n0_iaadAhjNaUATezqegIEW8nHkoF1lIxc_vBv_ag8r_D9VA8O8mAR7vMt-N_APCAEwpS65aP9Rs68e2AUXHd8juRs5eXE5XZiesMEMwjP4vqrWDvEGX1gDeFB4GVzKP0Jb5R1epNdqYJ5YKezQwlBVb6l44QM3UGa2besJQdcZDRQb-fq6LzqsfZEc1MlB0VSVj38Eg67Z5xFWDcyJPHcJfwguKNT6kjXRoF1-_M0KrwGKmlXWm8N-Xc_5Nkq7oQ5E0lcoAdVTLg3etXzVjKGU4wQ-X12OALQQQAl4ssPqXQMah0XYwz4Og_jcrtww4GzwkGb-baZovyplXIMcywvra-HSPObyXWgu73dyLbLrRI07bDfBa0"
}
],
"Return": {
"ReturnCode": -1,
"NativeReturnCode": 0,
"Text": "Error",
"Description": "Certificate for user failed",
"Details": "System.Exception: Veridium Token failed validation: IDX10223: Lifetime validation failed. The token is expired. ValidTo: 'System.DateTime', Current time: 'System.DateTime'.\r\n at RaWebApp.Controllers.BopsCertificateController.ValidateTokenRequest(Activity a, RACertificatRequest request)\r\n at RaWebApp.Controllers.BopsCertificateController.Post(RACertificatRequest request)"
},
"ActivityStartTime": "2022-05-04T10:48:39.2898086-07:00",
"ActivityEndTime": "2022-05-04T10:48:39.2898086-07:00",
"Duration": 0
}
Resolution
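The time on the Windows server and/or the Windows client is not in sync. VeridiumRA compares the token's expiry (ValidTo) with its own clock, so a clock that is off makes a freshly issued token fail lifetime validation with IDX10223.
Suggestion: use the manual NTP command below to force a sync with an NTP server: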
w32tm /config /manualpeerlist:time.windows.com,0x1 /syncfromflags:manual /reliable:yes /update
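To confirm that a clock mismatch is the cause before changing the time configuration, the token's own timestamps can be compared with the server time recorded in the event. The following is an added example, not Veridium code: the function names are hypothetical, and the sample event is constructed, reusing only the ActivityStartTime and the iat/exp values carried in the token from the event above.

```python
import base64
import json
import re
from datetime import datetime, timezone

def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (triage only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def parse_dotnet_time(ts):
    """Parse a .NET timestamp; trim its 7 fractional digits to the 6 Python accepts."""
    ts = re.sub(r"(\.\d{6})\d+", r"\1", ts)
    return datetime.fromisoformat(ts).astimezone(timezone.utc)

def token_timing(event):
    """Compare the token's iat/exp with the RA server clock logged in the event."""
    token = next(p["value"] for p in event["InputParameters"]
                 if p["variable"] == "request.bopsToken")
    claims = jwt_claims(token)
    server = parse_dotnet_time(event["ActivityStartTime"]).timestamp()
    return {
        "lifetime_s": claims["exp"] - claims["iat"],         # intended validity
        "past_expiry_s": round(server - claims["exp"]),      # > 0 means "expired"
        "since_issue_s": round(server - claims["iat"]),      # age per server clock
    }

def _b64(obj):
    """Helper used only to build the constructed sample token below."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample: unsigned token with the same iat/exp as the event's token.
SAMPLE_EVENT = {
    "ActivityStartTime": "2022-05-04T10:48:39.2898086-07:00",
    "InputParameters": [{
        "variable": "request.bopsToken",
        "value": ".".join([_b64({"alg": "RS256"}),
                           _b64({"iat": 1651657895, "exp": 1651657955}),
                           "constructed-signature"]),
    }],
}

if __name__ == "__main__":
    print(token_timing(SAMPLE_EVENT))
```

A past_expiry_s value far larger than lifetime_s (here about eight hours against a 60-second token) means the issuing side and the RA server disagree about the current time, rather than the user being slow to complete the login.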