My Oracle Support Banner

Sso Shows Cert-Based Login Failed For Certain Users After 10.1.4 Upgrade (Doc ID 1366415.1)

Last updated on JANUARY 20, 2012

Applies to:

Oracle Application Server Single Sign-On - Version: and later   [Release: 10gR3 and later ]
Information in this document applies to any platform.


Customer has configured SSO for Digital Certificates.
This was working successfully in version, however after upgrading to
SSO, users with certificates issued by 'VeriSign, Inc.' are
receiving the error "certificate-based login failed" in the browser window.

The following is shown in the ssoServer.log:

Mon May 09 10:59:51 CDT 2011 [ERROR]
AJPRequestHandler-ApplicationServerThread-11  Certificate authentication
failed. user, CN=Scott Tiger, OU=Acme, OU="VeriSign, Inc.",
OU=ANY, O=U.S. Company, C=US
oracle.ldap.util.UtilException: General Error when performing
searchCN=Scott Tiger, OU=Acme, OU=VeriSign, Inc., OU=ANY,
O=U.S. Company, C=US Invalid
name: CN=Scott Tiger, OU=Acme, OU=VeriSign, Inc., OU=ANY,
O=U.S. Company, C=US
       at oracle.ldap.util.PropertySet.doSearch(
       at oracle.ldap.util.LDAPEntry.getProperties(
       at oracle.ldap.util.User.getProperties(
       at javax.servlet.http.HttpServlet.service(
       at javax.servlet.http.HttpServlet.service(


Upgrade from SSO/OID to


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.