IIS Proxy Plugin 1.0 For WebLogic Server Is Truncating The WL -Proxy-Client-Cert Header (Doc ID 1355311.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Weblogic Server - Version: 10.3.5 and later   [Release: and later ]
Generic Windows

Symptoms

  • Using WLS Plugin 1.0 for IIS from patch p10051826_1033_Generic.zip
  • IIS is configured for client certificates with SSL
  • The proxy plugin is not passing the WL-Proxy-Client-Cert correctly to WLS and is truncating it
  • From the plugin log with Debug=ALL:
Wed Aug 10 21:41:43 2011 <22936131300890310> Hdrs to WLS:[WL-Proxy-Client-Keysize]=[128]
Wed Aug 10 21:41:43 2011 <22936131300890310> Hdrs to WLS:[X-WebLogic-KeepAliveSecs]=[30]
Wed Aug 10 21:41:43 2011 <22936131300890310> Hdrs to WLS:[X-WebLogic-Force-JVMID]=[-2134213772]
Wed Aug 10 21:41:43 2011 <22936131300890310> Hdrs to WLS:[WL-Proxy-SSL]=[true]
Wed Aug 10 21:41:43 2011 <22936131300890310> Hdrs to WLS:[WL-Proxy-Client-Cert]=[MIIC]
  • Because of this WLS fails to verify the cert with the following error in the $DOMAIN_HOME/servers/logs/<server>.log or stdout:
<Error> <HTTP> <BEA-101257> <Failed to parse the client certificate in header: WL-Proxy-Client-Cert. Ignoring this certificate.
java.security.cert.CertificateException: Could not parse certificate: java.io.EOFException: Detect premature EOF
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:109)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:305)
at com.bea.common.security.jdkutils.X509CertificateFactory.engineGenerateCertificate(X509CertificateFactory.java:118)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:305)
at weblogic.servlet.internal.VirtualConnection.initProxyClientCert(VirtualConnection.java:213)
Truncated. see log file for complete stacktrace
Caused By: java.io.EOFException: Detect premature EOF
at sun.misc.IOUtils.readFully(IOUtils.java:50)
at sun.security.util.DerValue.init(DerValue.java:370)
at sun.security.util.DerValue.<init>(DerValue.java:303)
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:104)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:305)
Truncated. see log file for complete stacktrace

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms