Sso Shows Cert-Based Login Failed For Certain Users After 10.1.4 Upgrade (Doc ID 1366415.1)

Last updated on JANUARY 20, 2012

Applies to:

Oracle Application Server Single Sign-On - Version: 10.1.4.3 and later   [Release: 10gR3 and later ]
Information in this document applies to any platform.

Symptoms

Customer has configured SSO for Digital Certificates.
This was working successfully in version 10.1.2.3, however after upgrading to
SSO 10.1.4.3, users with certificates issued by 'VeriSign, Inc.' are
receiving the error "certificate-based login failed" in the browser window.

The following is shown in the ssoServer.log:

Mon May 09 10:59:51 CDT 2011 [ERROR]
AJPRequestHandler-ApplicationServerThread-11  Certificate authentication
failed. user, CN=Scott Tiger, OU=Acme, OU="VeriSign, Inc.",
OU=ANY, O=U.S. Company, C=US
oracle.ldap.util.UtilException: General Error when performing
searchCN=Scott Tiger, OU=Acme, OU=VeriSign, Inc., OU=ANY,
O=U.S. Company, C=US Invalid
name: CN=Scott Tiger, OU=Acme, OU=VeriSign, Inc., OU=ANY,
O=U.S. Company, C=US
       at oracle.ldap.util.PropertySet.doSearch(PropertySet.java:304)
       at oracle.ldap.util.LDAPEntry.getProperties(LDAPEntry.java:129)
       at oracle.ldap.util.User.getProperties(User.java:830)
       at
oracle.security.sso.server.ldap.OIDUserRepository.getUserInfoByDN(OIDUserRepos
itory.java:1954)
       at
oracle.security.sso.server.auth.SSOX509CertAuth.authenticate(SSOX509CertAuth.j
ava:431)
       at
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

Changes

Upgrade from SSO/OID 10.1.2.3 to 10.1.4.3.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms