Cannot Authenticate To WebCenter Spaces With SSL Enabled Authenticator (Doc ID 1266217.1)

Last updated on NOVEMBER 29, 2016

Applies to:

Oracle WebCenter Portal - Version 11.1.1.2.0 and later
Information in this document applies to any platform.

Symptoms

Note: WebCenter Spaces has been renamed to WebCenter Portal. In versions prior to 11.1.1.7, the term 'spaces' was used. In 11.1.1.7 and beyond, 'spaces' will now be referred to as 'portals'.

After creating a WLS Authenticator for an external LDAP directory and registering it, using the SSL port, as a User Identity Store for WebCenter Spaces, users cannot log in to WebCenter Spaces as the LDAP users. When attempting to authenticate, they receive an error indicating invalid user credentials.

In the WLS_Spaces_diagnostics.log file, an error reporting an SSL handshake failure is logged:

[2010-11-18T10:01:24.966-07:00] [WLS_Spaces] [WARNING] [JPS-01520] [oracle.jps.idmgmt] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)']
[ecid: 0000IiXBBi5Ccp_LxQDCiW1Ch8LE00000G,0] [APP: webcenter]
[arg: oracle.security.idm.ConfigurationException: javax.naming.CommunicationException::3269
[Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: \n java.security.cert.CertPathValidatorException:
The certificate issued by CN=cacentral, DC=oracle, DC=com is not trusted; internal cause is: \n java.security.cert.CertPathValidatorException: Certificate chaining error]] Cannot initialize identity store.
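
A triage sketch for the record above, added here as an example (not Oracle's code): it regroups multi-line diagnostic records and, for each PKIX trust failure, reports the LDAP port and the issuer DN that the server's JVM does not trust. The function name and the first sample record are constructed; the second sample record is the one shown in this article.

```python
import re

# Sample input: first record is constructed, second is the article's record
# (the LDAP host is blank in the article, so only ":3269" follows the exception).
SAMPLE_LOG = r"""[2010-11-18T10:01:20.101-07:00] [WLS_Spaces] [NOTIFICATION] [] [oracle.example] [tid: 11] constructed unrelated record
[2010-11-18T10:01:24.966-07:00] [WLS_Spaces] [WARNING] [JPS-01520] [oracle.jps.idmgmt] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)']
[ecid: 0000IiXBBi5Ccp_LxQDCiW1Ch8LE00000G,0] [APP: webcenter]
[arg: oracle.security.idm.ConfigurationException: javax.naming.CommunicationException::3269
[Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: \n java.security.cert.CertPathValidatorException:
The certificate issued by CN=cacentral, DC=oracle, DC=com is not trusted; internal cause is: \n java.security.cert.CertPathValidatorException: Certificate chaining error]] Cannot initialize identity store.
"""

RECORD_START = re.compile(r"^\[\d{4}-\d{2}-\d{2}T")      # a new record begins with a timestamp
HEADER = re.compile(r"^\[([^\]]*)\] \[([^\]]*)\] \[([^\]]*)\] \[([^\]]*)\] \[([^\]]*)\]")
ENDPOINT = re.compile(r"CommunicationException:\s*([^\s:]*):(\d+)")
ISSUER = re.compile(r"The certificate issued by (.+?) is not trusted")

def find_ldaps_trust_failures(log_text):
    """Return one dict per record that shows an untrusted LDAPS certificate chain."""
    records, current = [], []
    for line in log_text.splitlines():
        # Continuation lines (ecid, arg, root exception) belong to the open record.
        if RECORD_START.match(line) and current:
            records.append(" ".join(current))
            current = []
        if line.strip():
            current.append(line.strip())
    if current:
        records.append(" ".join(current))

    findings = []
    for rec in records:
        head = HEADER.match(rec)
        if not head or "SSLHandshakeException" not in rec or "PKIX path building failed" not in rec:
            continue
        endpoint, issuer = ENDPOINT.search(rec), ISSUER.search(rec)
        findings.append({
            "timestamp": head.group(1),
            "server": head.group(2),
            "message_id": head.group(4),
            "ldap_host": (endpoint.group(1) or None) if endpoint else None,
            "ldap_port": int(endpoint.group(2)) if endpoint else None,
            "untrusted_issuer": issuer.group(1) if issuer else None,
        })
    return findings

if __name__ == "__main__":
    for finding in find_ldaps_trust_failures(SAMPLE_LOG):
        print(finding)
```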

Changes

The Authenticator configured for User Identification was changed from non-SSL to SSL, or was initially registered with SSL.

Cause
