Users are unable to log in to the Password Manager Helpdesk portal or complete workflows when using STS (Secure Token Service) with the Default Active Directory Provider. Authentication succeeds according to the RSTS event logs, but Password Manager fails to identify the authenticated user.
Errors observed:
Helpdesk Portal: “Access is denied. You might not have permission to use this Help Desk site...”
Workflows: “A critical error occurred while running the workflow... The SSL connection could not be established.”
This behavior occurs across multiple authentication methods (Redirect, Popup, iFrame).


Product defect ID: 646197.
Although RSTS authentication is successful, Password Manager fails SSL validation because the RSTS certificate does not include the internal server FQDN or domain. Password Manager requires the certificate’s Subject Alternative Name (SAN) to match the internal FQDN or local domain (e.g., *.testserver.local or demo.testserver.local).
WORKAROUND
Replace the RSTS SSL certificate with one that includes the internal FQDN of the server in the SAN list.
Example: add demo.testserver.local and/or *.testserver.local to the certificate.
Restart RSTS and Password Manager services after applying the new certificate.
Once updated, authentication and workflow execution succeed without errors.
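One way to confirm the SAN coverage before and after replacing the certificate, as an added example that is not One Identity code: it reads the SAN DNS names from the certificate a server presents and checks whether they cover a given host name. It assumes standard TLS host-name matching (a wildcard covers exactly one leftmost label) and port 443; sts.example.com is a constructed name, and the testserver.local names are the page's own examples.

```powershell
function Get-TlsSanDnsNames {
    # Returns the DNS names in the SAN extension of the certificate served at Server:Port.
    param([Parameter(Mandatory)][string]$Server, [int]$Port = 443)
    $tcp = [System.Net.Sockets.TcpClient]::new($Server, $Port)
    try {
        # Accept any certificate here: the goal is to inspect it, not to trust it.
        $cb  = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($Server)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $san  = $cert.Extensions['2.5.29.17']          # subjectAltName OID
        if (-not $san) { return @() }
        # Windows renders entries as "DNS Name=host"; other platforms as "DNS:host".
        [regex]::Matches($san.Format($true), '(?:DNS Name=|DNS:)([^\s,]+)') |
            ForEach-Object { $_.Groups[1].Value }
    } finally { $tcp.Dispose() }
}

function Test-SanCoversHost {
    # '*' is honoured only as the whole leftmost label and covers exactly one label.
    param([string[]]$SanDnsNames, [Parameter(Mandatory)][string]$HostName)
    $h = $HostName.TrimEnd('.').ToLowerInvariant()
    foreach ($name in $SanDnsNames) {
        $n = $name.TrimEnd('.').ToLowerInvariant()
        if ($n -eq $h) { return $true }
        if ($n.StartsWith('*.')) {
            $suffix = $n.Substring(1)                  # e.g. ".testserver.local"
            if ($h.EndsWith($suffix)) {
                $left = $h.Substring(0, $h.Length - $suffix.Length)
                if ($left -and -not $left.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

# Constructed SAN lists: external name only, then with the internal names added.
$before = @('sts.example.com')
$after  = @('sts.example.com', 'demo.testserver.local', '*.testserver.local')
foreach ($h in 'demo.testserver.local', 'testserver.local', 'a.demo.testserver.local') {
    '{0,-26} before={1,-5} after={2}' -f $h,
        (Test-SanCoversHost -SanDnsNames $before -HostName $h), (Test-SanCoversHost -SanDnsNames $after -HostName $h)
}
# Against a live server (placeholder name):
# Test-SanCoversHost -SanDnsNames (Get-TlsSanDnsNames 'demo.testserver.local') -HostName 'demo.testserver.local'
```

The wildcard entry alone does not cover the bare domain or names more than one label deep, so list those explicitly in the SAN if Password Manager addresses the server by them.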
STATUS
© 2026 One Identity LLC. ALL RIGHTS RESERVED.