WebLogic Server 10.3.3: With JSSE and Certificate Requested but Not Enforced, Seeing Authentication Errors (Doc ID 1304272.1)

Last updated on JUNE 10, 2022

Applies to:

Symptoms

There are two types of users: A and B. Users of type A have SSL certificates which are registered with WebLogic Server, and they are authenticated by presenting those certificates to WLS. If there is no such certificate offered to WLS, the user is deemed to be of type B, and they are offered a form for form-based authentication. Users of type A do not have usernames and passwords for form-based authentication, just as users of type B do not have SSL certificates in place.

This is configured by setting up client certificates to be "requested but not enforced." That is, the authentication system requests a cert, but does not deny authentication if it does not receive one in return: in that case, the authentication moves on to the form-based authentication as spelled out above.

This works correctly in most versions of WebLogic Server. However, in WLS 10.3.3, the following error occurs:

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.