Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-20611: Intermittent SSL connection error during MFA login

Authentication Service ,  

27 September,19 at 05:13 AM

Applies to: All version of Centrify Authentication Service

Problem:

Intermittent SSL connection error might occur when performing MFA login to Unix / Linux machines, where there is an inactive connector on the connector list of Admin Portal.
 
login as: jsmith
Kernel 3.10.0-229.el7.x86_64 on an x86_64

Using keyboard-interactive authentication.
Password:
Using keyboard-interactive authentication.
SSL connection error
Access denied
Using keyboard-interactive authentication.
Password:
Using keyboard-interactive authentication.
[Available mechanisms]
 1 - Email... @centrify.com
 2 - Security Question
Please select a mechanism [1]:

Cause:

Since MFA is used for interactive login (not within script), there is a possibility where the Unix agent is picking on the inactive connector for MFA authentication process and therefore resulting to the SSL connection error.

Resolution:

There has been an enhancement being work on this behavior which is currently planned to include in Centrify Infrastructure Service 20.6, instead of directly return the SSL connection error when the connection has failed, the connection logic will now change to:
  • Agent will first perform a connection test against the connector that was picked from the list of connectors
  • Once it returns with the positive result, we will then able to ensure the connector in use is valid
  • Otherwise, the agent will move on to the next available connector on the list with the connection test until positive result is received

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.