Reference Guide

HPMA Audit Message Reference
HP Medical Archive
ETAF—Security Authentication Failed
A connection attempt using Transport Layer Security (TLS) has failed.
When a connection is established to a secure service that uses TLS, the
credentials of the remote entity are verified using the TLS profile and
additional logic built into the service. If this authentication fails due to
invalid, unexpected, or disallowed certificates or credentials, an audit
message is logged. This enables queries for unauthorized access
attempts and other security-related connection problems.
The message could result from a remote entity having an incorrect
configuration, or from attempts to present invalid or disallowed
credentials to the system. This audit message should be monitored to
detect attempts to gain unauthorized access to the system.
Table 28: ETAF—Security Authentication Failed Fields
Code   Field                   Description
CNID   Connection Identifier   The unique grid identifier for the TCP/IP connection
                               over which the authentication failed.
RUID   User Identity           A service-dependent identifier representing the identity
                               of the remote user.
RSLT   Reason Code             The reason for the failure:
                               SCNI—Secure connection establishment failed.
                               CERM—Certificate was missing.
                               CERT—Certificate was invalid.
                               CERE—Certificate was expired.
                               CERR—Certificate was revoked.
                               CSGN—Certificate signature was invalid.
                               CSGU—Certificate signer was unknown.
                               UCRM—User credentials were missing.
                               UCRI—User credentials were invalid.
                               UCRU—User credentials were disallowed.
                               TOUT—Authentication timed out.
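
One way to monitor ETAF messages as recommended above, shown as an added example that is not part of the HPMA guide or product. It assumes the audit records have already been parsed into dictionaries keyed by the field codes in Table 28; the sample records, the function name summarize_etaf, the threshold, and the choice to flag CERR and UCRU on first sight are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

# RSLT reason codes listed in Table 28.
KNOWN_RSLT = {"SCNI", "CERM", "CERT", "CERE", "CERR", "CSGN", "CSGU",
              "UCRM", "UCRI", "UCRU", "TOUT"}

# Assumed triage policy (not from the guide): a revoked certificate or
# disallowed credentials are flagged on the first failure, because the
# presented identity was explicitly denied rather than merely misconfigured.
FLAG_ON_FIRST = ("CERR", "UCRU")


def summarize_etaf(records, threshold=3):
    """Group ETAF failures per remote identity (RUID) and return
    (alerts, unknown): identities worth review, and records whose
    RSLT value is not one of the documented codes."""
    per_user = defaultdict(Counter)
    unknown = []
    for rec in records:
        code = rec.get("RSLT")
        if code not in KNOWN_RSLT:
            unknown.append(rec)  # surface malformed records, never drop them
            continue
        per_user[rec.get("RUID", "<missing>")][code] += 1

    alerts = []
    for ruid, counts in sorted(per_user.items()):
        total = sum(counts.values())
        if total >= threshold or any(counts[c] for c in FLAG_ON_FIRST):
            alerts.append({"RUID": ruid, "total": total, "codes": dict(counts)})
    return alerts, unknown


# Constructed sample records (not real audit data).
SAMPLE = [
    {"CNID": "1001", "RUID": "svc-a", "RSLT": "CERE"},   # one expired cert
    {"CNID": "1002", "RUID": "user-b", "RSLT": "UCRI"},  # repeated bad credentials
    {"CNID": "1003", "RUID": "user-b", "RSLT": "UCRI"},
    {"CNID": "1004", "RUID": "user-b", "RSLT": "UCRM"},
    {"CNID": "1005", "RUID": "svc-c", "RSLT": "CERR"},   # revoked cert
    {"CNID": "1006", "RUID": "svc-d", "RSLT": "XXXX"},   # undocumented code
]

if __name__ == "__main__":
    alerts, unknown = summarize_etaf(SAMPLE)
    for a in alerts:
        print(a)
    print("unrecognized RSLT:", unknown)
```

A single CERE from one identity stays below the threshold and typically points to the incorrect remote configuration the text mentions, while repeated credential failures from one RUID are surfaced for review.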