IIS Proxy Plugin 1.1 Is Truncating WL-Proxy-Client-Cert Header

(Doc ID 1388486.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Weblogic Server - Version: 10.3.5 and later   [Release: and later ]
Information in this document applies to any platform.

Symptoms

  • Windows 2008 R2 64 bit with IIS 7.5
  • Using 64bit plugin 1.1 from patch p10051826_1033_Generic.zip
  • IIS is configured for client certificates with SSL
  • The proxy plugin does not pass the WL-Proxy-Client-Cert header to WLS correctly; the value is truncated
  • From the plugin log with DEBUG=ALL:
Tue Aug 09 19:26:02 2011 <882413129143624> Hdrs to WLS: [WL-Proxy-Client-IP]=[X.X.X.X]
Tue Aug 09 19:26:02 2011 <882413129143624> Hdrs to WLS: [Proxy-Client-IP]=[X.X.X.X]
Tue Aug 09 19:26:02 2011 <882413129143624> Hdrs to WLS: [X-Forwarded-For]=[X.X.X.X]
Tue Aug 09 19:26:02 2011 <882413129143624> Hdrs to WLS: [WL-Proxy-Client-Keysize]=[128]
Tue Aug 09 19:26:02 2011 <882413129143624> Hdrs to WLS: [X-WebLogic-KeepAliveSecs]=[30]
Tue Aug 09 19:26:02 2011 <882413129143624> Hdrs to WLS: [X-WebLogic-Force-JVMID]=[-2134213772]
Tue Aug 09 19:26:02 2011 <882413129143624> Hdrs to WLS: [WL-Proxy-SSL]=[true]
Tue Aug 09 19:26:02 2011 <882413129143624> Hdrs to WLS: [WL-Proxy-Client-Cert]=[MIIC]
  • Because of this, WLS fails to verify the certificate and logs the following error in $DOMAIN_HOME/servers/logs/<server>.log or on stdout:
java.security.cert.CertificateException: Could not parse certificate: java.io.EOFException: Detect premature EOF
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:109)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:305)
at com.bea.common.security.jdkutils.X509CertificateFactory.engineGenerateCertificate(X509CertificateFactory.java:118)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:305)
at weblogic.servlet.internal.VirtualConnection.initProxyClientCert(VirtualConnection.java:213)
Truncated. see log file for complete stacktrace
Caused By: java.io.EOFException: Detect premature EOF
at sun.misc.IOUtils.readFully(IOUtils.java:50)
at sun.security.util.DerValue.init(DerValue.java:370)
at sun.security.util.DerValue.<init>(DerValue.java:303)
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:104)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:305)
Truncated. see log file for complete stacktrace
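
To confirm this symptom from the plugin log alone, the check below (an added example, not Oracle code) extracts each forwarded WL-Proxy-Client-Cert value and compares the length declared in its outer DER header with the bytes actually present. It assumes the header carries the base64-encoded DER certificate, as the MIIC prefix and the X509Factory trace suggest; the function names and the second sample line are constructed for illustration.

```python
import base64
import re

# Header line format as it appears in the plug-in DEBUG=ALL log excerpt above.
HDR_RE = re.compile(r"Hdrs to WLS: \[WL-Proxy-Client-Cert\]=\[([^\]]*)\]")

def der_declared_length(data):
    """Total size (header + content) declared by the outer DER TLV, or None
    if the length field itself is cut off or uses the indefinite form."""
    if len(data) < 2:
        return None
    first = data[1]
    if first < 0x80:                      # short form: one length byte
        return 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(data) < 2 + n:
        return None
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def check_cert_header(value):
    """Classify a WL-Proxy-Client-Cert value by its outer DER structure only;
    'complete' does not mean the certificate is valid or trusted."""
    cleaned = "".join(value.split())
    try:
        raw = base64.b64decode(cleaned + "=" * (-len(cleaned) % 4), validate=True)
    except ValueError:                    # binascii.Error is a ValueError
        return "not-base64"
    if not raw or raw[0] != 0x30:         # X.509 certificates start with SEQUENCE
        return "not-a-der-sequence"
    declared = der_declared_length(raw)
    if declared is None or len(raw) < declared:
        return "truncated"
    return "complete" if len(raw) == declared else "trailing-data"

def scan_plugin_log(lines):
    """Return (value, status) for every forwarded client-cert header line."""
    return [(m.group(1), check_cert_header(m.group(1)))
            for m in map(HDR_RE.search, lines) if m]

# Constructed sample: the first line is the one from the log above; the second
# carries a tiny, complete DER SEQUENCE (not a real certificate) for contrast.
COMPLETE = base64.b64encode(bytes.fromhex("3003020105")).decode()
SAMPLE_LOG = [
    "Tue Aug 09 19:26:02 2011 <882413129143624> Hdrs to WLS: [WL-Proxy-Client-Cert]=[MIIC]",
    "Tue Aug 09 19:26:03 2011 <882413129143625> Hdrs to WLS: [WL-Proxy-Client-Cert]=[" + COMPLETE + "]",
]

if __name__ == "__main__":
    for value, status in scan_plugin_log(SAMPLE_LOG):
        print(f"{status:10} {value[:16]}")
```

The value MIIC decodes to the three bytes 30 82 02: a SEQUENCE tag and a long-form length that announces two length bytes but supplies only one, which is the premature EOF that DerValue reports in the stack trace.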

Cause
