OIF 11g: Oracle Identity Federation User Keystore In SSL Mode Fails With javax.naming.CommunicationException: simple bind failed

(Doc ID 1275604.1)

Last updated on MARCH 08, 2017

Applies to:

COREid Federation - Version 10.1.0.4 and later
Information in this document applies to any platform.

Symptoms

Oracle Identity Federation has been configured to use OVD (in SSL mode) as the user data store.


Example:

Repository Type: LDAP Directory
Connection URL: ldaps://ovdhost.com:636
Bind DN: cn=admin
User ID Attribute: uid
User Description Attribute: description
Person Object Class: inetOrgPerson
Base DN: dc=users,dc=com
Maximum Connections: 50
Connection Wait Timeout (sec): 30


The LDAP server certificate was added in the EM console under OIF -> Security and Trust -> Trusted CA and CRLs.
The federation logs nevertheless show:

[2010-12-13T14:41:52.024-06:00] [wls_oif1] [ERROR] [FED-12017] [oracle.security.fed.model.util.ldap.LDAPConnectionFactory] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000InXTwPA6yGADrbkZoY1D0_aI0000AN,0] [APP: OIF#11.1.1.2.0] [dcid: c41813c8f24bacdb:3cf8609c:12cd12e0e87:-8000-0000000000003dca] Communication Exception: unable to communicate with directory or naming service: {0}[[
javax.naming.CommunicationException: simple bind failed: ovdhost.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:197)
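The root exception above is raised by the JDK's own PKIX validator during the TLS handshake that JNDI performs for an ldaps:// URL, so the question a practitioner wants answered is whether the WebLogic JVM's truststore validates the chain the OVD listener presents. The following diagnostic is an added example, not Oracle's code; the class name LdapsTrustCheck and its command-line arguments are assumptions. It repeats that handshake against a truststore you name and prints the presented chain and the validator's verdict.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added diagnostic (hypothetical helper, not Oracle code). Performs the same TLS
// handshake JNDI's ldaps:// bind performs, using an explicitly loaded truststore,
// and reports the chain the server presented and whether that truststore validated it.
public class LdapsTrustCheck {
    // Chain the server presented, recorded even when the validator rejects it.
    static X509Certificate[] presented;

    static SSLContext contextFor(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        final X509TrustManager real = (X509TrustManager) tmf.getTrustManagers()[0];
        X509TrustManager capturing = new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] chain, String auth) throws CertificateException {
                presented = chain;                 // record before the PKIX check can throw
                real.checkServerTrusted(chain, auth);
            }
            public void checkClientTrusted(X509Certificate[] chain, String auth) throws CertificateException {
                real.checkClientTrusted(chain, auth);
            }
            public X509Certificate[] getAcceptedIssuers() { return real.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { capturing }, null);
        return ctx;
    }

    // Returns null when the chain validated, otherwise the handshake failure message
    // (for the symptom on this page: "PKIX path building failed ...").
    static String check(String host, int port, KeyStore trustStore) throws Exception {
        try (SSLSocket s = (SSLSocket) contextFor(trustStore).getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
            return null;
        } catch (SSLHandshakeException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // args: host port truststore.jks password  (e.g. the JKS named by -Djavax.net.ssl.trustStore)
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(args[2])) { ks.load(in, args[3].toCharArray()); }
        String problem = check(args[0], Integer.parseInt(args[1]), ks);
        if (presented != null)
            for (X509Certificate c : presented)
                System.out.println("server presented: " + c.getSubjectX500Principal() + " issued by " + c.getIssuerX500Principal());
        System.out.println(problem == null ? "chain validates against " + args[2] : "REJECTED: " + problem);
    }
}
```

Run it with the truststore the OIF managed server actually uses; a REJECTED result with the issuer printed tells you which CA certificate that truststore is missing.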

Cause
