OpenSSO: Windows Desktop SSO Fails over HTTPS (Doc ID 1336584.1)

Last updated on SEPTEMBER 21, 2016

Applies to:

Oracle OpenSSO - Version: 8.0.1.2 and later   [Release: 8.0 and later ]
Information in this document applies to any platform.
OpenSSO DesktopSSO HTTPS Cannot Establish Context

Symptoms

The Windows Desktop SSO authentication specifically fails for OpenSSO deployed on any container running with certain JDK versions **ONLY** when running in HTTPS mode **AND** using Microsoft Internet Explorer (IE) as the browser client. Clients such as Firefox do not have any issues whether you are using HTTP or HTTPS for the container running the OpenSSO server.

In other words the same configuration will not have issues if you run the OpenSSO container in HTTP mode and doing Window Desktop SSO using IE as the browser client.

You might see the debug logs capture the below (notice the "Cannot establish context !" message):

<snip>
amAuthWindowsDesktopSSO:<DATE> <TIME> PM EDT: Thread[WebContainer : 1,5,main]
Kerberos token retrieved from SPNEGO token:
60 82 05 81 06 09 2a 86 48 86 f7 12 01 02 02 01
..
..
95 ec 42 ab f0
amAuthWindowsDesktopSSO:<DATE> <TIME> PM EDT: Thread[WebContainer : 1,5,main]
In authenticationToken ...
amAuthWindowsDesktopSSO:<DATE> 05:59:41:508 PM EDT: Thread[WebContainer : 1,5,main]
Context created.
amAuthWindowsDesktopSSO:<DATE> <TIME> PM EDT: Thread[WebContainer : 1,5,main]
Token returned from acceptSecContext:
60 82 01 2a 06 09 2a 86 48 86 f7 12 01 02 02 03
..
..
64 20 76 65 72 69 66 69 63 61 74 69 6f 6e
amAuthWindowsDesktopSSO:<DATE> <TIME> PM EDT: Thread[WebContainer : 1,5,main]
Cannot establish context !
amLoginModule:<DATE> <TIME> PM EDT: Thread[WebContainer : 1,5,main]
Login NEXT State : 0
amLoginModule:<DATE> <TIME> PM EDT: Thread[WebContainer : 1,5,main]
SETTING Failure Module name.... :WDSSO
</snip>


Please note this snippet was captured with the Debug level set to "message".

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms