ETAF: Security Authentication Failed
This message is generated when a connection attempt using Transport Layer Security (TLS) has failed.
Code | Field | Description |
---|---|---|
CNID |
Connection Identifier |
The unique system identifier for the TCP/IP connection over which the authentication failed. |
RUID |
User Identity |
A service dependent identifier representing the identity of the remote user. |
RSLT |
Reason Code |
The reason for the failure: SCNI: Secure connection establishment failed. CERM: Certificate was missing. CERT: Certificate was invalid. CERE: Certificate was expired. CERR: Certificate was revoked. CSGN: Certificate signature was invalid. CSGU: Certificate signer was unknown. UCRM: User credentials were missing. UCRI: User credentials were invalid. UCRU: User credentials were disallowed. TOUT: Authentication timed out. |
When a connection is established to a secure service that uses TLS, the credentials of the remote entity are verified using the TLS profile and additional logic built into the service. If this authentication fails due to invalid, unexpected, or disallowed certificates or credentials, an audit message is logged. This enables queries for unauthorized access attempts and other security-related connection problems.
The message could result from a remote entity having an incorrect configuration, or from attempts to present invalid or disallowed credentials to the system. This audit message should be monitored to detect attempts to gain unauthorized access to the system.