[HELP] Unable to login with Smart Card

[dnauman1]

Unable to login with Smart Card

When configuring Smart card or other certificate for user authentication prompts for MFA but am getting an ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED after authenticating. I do not see any other additional server-side configurations in the documentation so am unsure what could be causing this. There are no events written in the event logs or lithnet logs.

[ryannewington]

Hi @dnauman1

That looks like a client side Chrome error.

Do you get the same error with Firefox?

[dnauman1]

Yes. It occurs on all browsers. Edge, Chrome and Firefox. For Firefox it prompts for my Pin for my smart card and after entering it displays an error: Error code: SSL_ERROR_HANDSHAKE_FAILED.

[dnauman1]

I think I found the issue. Does AMS support TLS 1.3? My server is running 2022 and TLS 1.3 was enabled. I turned it off and it's now allowing the connection.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs.

[dnauman1]

Does AMS smart card authentication support TLS 1.3?

[ryannewington]

@dnauman1 Apologies for the slow response. It should work, I'm not sure what is going on here. I will need to spend some time trying to reproduce this in the lab.

[red-erik]

Hello,
as far as I know IIS does not support TLS 1.3 natively so I suppose AMS needs some "custom configuration" for HTTP.SYS
Some reference here
https://techcommunity.microsoft.com/t5/networking-blog/enabling-http-3-support-on-windows-server-2022/ba-p/2676880
https://techcommunity.microsoft.com/t5/networking-blog/troubleshooting-http-3-in-http-sys/ba-p/3273139
Hope it helps.
Regards,
Red.