Sso Shows Cert-Based Login Failed For Certain Users After 10.1.4 Upgrade
(Doc ID 1366415.1)
Last updated on MARCH 01, 2023
Applies to:
Oracle Application Server Single Sign-On - Version 10.1.4.3 and laterInformation in this document applies to any platform.
Symptoms
Customer has configured SSO for Digital Certificates.
This was working successfully in version 10.1.2.3, however after upgrading to
SSO 10.1.4.3, users with certificates issued by 'VeriSign, Inc.' are
receiving the error "certificate-based login failed" in the browser window.
The following is shown in the ssoServer.log:
Mon May 09 10:59:51 CDT 2011 [ERROR]
AJPRequestHandler-ApplicationServerThread-11 Certificate authentication
failed. user, CN=<END_USER_ID>, OU=Acme, OU="VeriSign, Inc.",
OU=ANY, O=U.S. Company, C=US
oracle.ldap.util.UtilException: General Error when performing
searchCN=<END_USER_ID>, OU=Acme, OU=VeriSign, Inc., OU=ANY,
O=U.S. Company, C=US Invalid
name: CN=<END_USER_ID>, OU=Acme, OU=VeriSign, Inc., OU=ANY,
O=U.S. Company, C=US
at oracle.ldap.util.PropertySet.doSearch(PropertySet.java:304)
at oracle.ldap.util.LDAPEntry.getProperties(LDAPEntry.java:129)
at oracle.ldap.util.User.getProperties(User.java:830)
at
oracle.security.sso.server.ldap.OIDUserRepository.getUserInfoByDN(OIDUserRepos
itory.java:1954)
at
oracle.security.sso.server.auth.SSOX509CertAuth.authenticate(SSOX509CertAuth.j
ava:431)
at
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
Changes
Upgrade from SSO/OID 10.1.2.3 to 10.1.4.3.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |
| References |