Error with AD and SSO-based authentication after upgrading inSync On-Premise server to 5.8.4
This article applies to:
- OS: Windows
- Product edition: inSync On-Premise 5.8.4
After upgrading inSync On-Premise server to 5.8.4, attempts to activate new clients and log in fail with an error message:
[2017-08-30 14:29:08,321] [WARNING] Active Directory User: firstname.lastname@example.org is not allowed to login. inSync Server must have Signed SSL Certificate.
[2017-08-30 14:29:08,321] [ERROR] User: Unknown encountered error. Error: Server security certificate is not trusted by OS. Please contact your IT Administrator. (#10000006e)
[2017-08-30 14:29:08,321] [ERROR] Error <class 'inSyncLib.inSyncError.SyncError'>:Server security certificate is not trusted by OS. Please contact your IT Administrator. (#10000006e). Traceback -Traceback (most recent call last):
SyncError: Server security certificate is not trusted by OS. Please contact your IT Administrator. (#10000006e)-==
This error occurs when inSync detects a self-signed certificate during AD/SSO authentication, that is, when the login mechanism is configured to use AD or Single Sign-On. Self-signed certificates no longer work for these logins.
Note: This error does not impact users whose login mechanism is set to "inSync password" at the Profile level.
- Starting with version 5.8.4, inSync requires a signed SSL certificate for AD/SSO client authentication to work.
- You must also make sure that the SSL key follows the guidelines listed in our documentation.
Note: If any certificate in the chain (root, intermediate or domain) is missing from the SSL certificate, the error described above occurs.
For more information, see How to Install SSL Certificate from a Trusted CA?
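The following is an added example, not part of the original article or of inSync itself. It shows one way to check, on a Windows machine, whether a certificate chains to a root the OS trusts, and to distinguish the self-signed case from the missing-chain case. The function name `Test-ServerCertTrust`, the host name `insync.example.test` and the file path in the final comment are assumptions; the sample certificate is constructed in memory, which requires .NET Framework 4.7.2 or later.

```powershell
# Added example. Test-ServerCertTrust is a hypothetical helper, not an inSync command.
function Test-ServerCertTrust {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        # Intermediate certificates supplied alongside the server certificate, if any.
        [System.Security.Cryptography.X509Certificates.X509Certificate2[]]$Intermediates = @()
    )
    $flags = [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Revocation lookups are skipped so the check runs offline;
    # only trust and chain completeness are evaluated.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    foreach ($c in $Intermediates) { [void]$chain.ChainPolicy.ExtraStore.Add($c) }

    # Build() validates against the Windows trust store of the machine it runs on.
    $trusted = $chain.Build($Certificate)
    $status  = @($chain.ChainStatus | ForEach-Object { $_.Status })

    if ($trusted) {
        $finding = 'Chain builds to a root trusted by this OS'
    } elseif ($Certificate.Subject -eq $Certificate.Issuer) {
        $finding = 'Self-signed certificate'
    } elseif ($status -contains $flags::PartialChain) {
        $finding = 'Intermediate or root certificate missing from the chain'
    } elseif ($status -contains $flags::UntrustedRoot) {
        $finding = 'Root CA is not in the OS trust store'
    } else {
        $finding = 'Other chain error'
    }
    [pscustomobject]@{
        Subject     = $Certificate.Subject
        Issuer      = $Certificate.Issuer
        ChainLength = $chain.ChainElements.Count
        Trusted     = $trusted
        Status      = ($status -join ', ')
        Finding     = $finding
    }
}

# Constructed sample input: a self-signed certificate created in memory.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=insync.example.test', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(30))
Test-ServerCertTrust -Certificate $sample | Format-List

# For a real certificate file (placeholder path), load it into an X509Certificate2 first:
# Test-ServerCertTrust -Certificate (New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 'C:\path\to\server.cer')
```

Run the check on a client machine as well as on the server, because the error refers to the trust store of the OS that validates the certificate.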