My Oracle Support Banner

IIS Proxy Plugin 1.1 Is Truncating WL-Proxy-Client-Cert Header (Doc ID 1388486.1)

Last updated on OCTOBER 11, 2018

Applies to:

Oracle Weblogic Server - Version: 10.3.5 and later   [Release: and later ]
Information in this document applies to any platform.

Symptoms

  • Windows 2008 R2 64 bit with IIS 7.5
  • Using 64bit plugin 1.1 from patch p10051826_1033_Generic.zip
  • IIS is configured for client certificates with SSL
  • The proxy plugin is not passing the WL-Proxy-Client-Cert correctly to WLS and truncating it
  • From the plugin log with DEBUG=ALL:
Tue Aug 09 19:26:02 2011 <882413129143624> Hdrs to WLS: [WL-Proxy-Client-IP]=[X.X.X.X]
Tue Aug 09 19:26:02 2011 <882413129143624> Hdrs to WLS: [Proxy-Client-IP]=[X.X.X.X]
Tue Aug 09 19:26:02 2011 <882413129143624> Hdrs to WLS: [X-Forwarded-For]=[X.X.X.X]
Tue Aug 09 19:26:02 2011 <882413129143624> Hdrs to WLS: [WL-Proxy-Client-Keysize]=[128]
Tue Aug 09 19:26:02 2011 <882413129143624> Hdrs to WLS: [X-WebLogic-KeepAliveSecs]=[30]
Tue Aug 09 19:26:02 2011 <882413129143624> Hdrs to WLS: [X-WebLogic-Force-JVMID]=[-2134213772]
Tue Aug 09 19:26:02 2011 <882413129143624> Hdrs to WLS: [WL-Proxy-SSL]=[true]
Tue Aug 09 19:26:02 2011 <882413129143624> Hdrs to WLS: [WL-Proxy-Client-Cert]=[MIIC]
  • Because of this WLS fails to verify the certificate with the following error in the $DOMAIN_HOME/servers/logs/<server>.log or stdout:
java.security.cert.CertificateException: Could not parse certificate: java.io.EOFException: Detect premature EOF
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:109)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:305)
at com.bea.common.security.jdkutils.X509CertificateFactory.engineGenerateCertificate(X509CertificateFactory.java:118)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:305)
at weblogic.servlet.internal.VirtualConnection.initProxyClientCert(VirtualConnection.java:213)
Truncated. see log file for complete stacktrace
Caused By: java.io.EOFException: Detect premature EOF
at sun.misc.IOUtils.readFully(IOUtils.java:50)
at sun.security.util.DerValue.init(DerValue.java:370)
at sun.security.util.DerValue.<init>(DerValue.java:303)
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:104)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:305)
Truncated. see log file for complete stacktrace

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
  Symptoms
  Cause
  Solution
  References

This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.