WebLogic Server 10.3.3: With JSSE and Certificate Requested but Not Enforced, Seeing Authentication Errors
(Doc ID 1304272.1)
Last updated on DECEMBER 11, 2020
Applies to:Oracle WebLogic Server - Version 10.3.3 to 10.3.3
Information in this document applies to any platform.
There are two types of users: A and B. Users of type A have SSL certificates which are registered with WebLogic Server, and they are authenticated by presenting those certificates to WLS. If there is no such certificate offered to WLS, the user is deemed to be of type B, and they are offered a form for form-based authentication. Users of type A do not have usernames and passwords for form-based authentication, just as users of type B do not have SSL certificates in place.
This is configured by setting up client certificates to be "requested but not enforced." That is, the authentication system requests a cert, but does not deny authentication if it does not receive one in return: in that case, the authentication moves on to the form-based authentication as spelled out above.
This works correctly in most versions of WebLogic Server. However, in WLS 10.3.3, the following error occurs:
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document