Oracle API Gateway Filter "Log In With Certificate" (OAM 11gR2) Fails With Certificate Exception
(Doc ID 1618181.1)
Last updated on FEBRUARY 28, 2025
Applies to:
Oracle API Gateway - Version 11.1.2.1.0 and laterInformation in this document applies to any platform.
Symptoms
When attempting to implement the Oracle Access Manager "Log in with certificate" filter for Oracle API Gateway as a part of a policy chain within OAG, the "Log in with certificate" filter successfully communicates with OAM to determine if the resource is protected and receives an AuthN scheme back from OAM. However, when the filter looks to process the user certificate that is stored within the 'certificate' message attribute it throws the following error:
java.security.cert.CertificateException: can't decode PkiPath
at com.vordel.security.openssl.OSSLCertificateFactorySpi.generatePathPkiPath(Native Method)
at com.vordel.security.openssl.OSSLCertificateFactorySpi.engineGenerateCertPath(OSSLCertificateFactorySpi.java:112)
Using Oracle API Gateway Version - 11.1.2.1.0, Oracle Access Manager - 11.1.2.1, and applied the One-off Patch for Bug: 16433057 that allows the OAG 11.1.2.1.0 to authenticate and authorize against an OAM 11gR2 server using the pure Java OAM ASDK as specified in Document 1562933.1.
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |
| References |