Oracle API Gateway Filter "Log In With Certificate" (OAM 11gR2) Fails With Certificate Exception (Doc ID 1618181.1)

Last updated on MARCH 18, 2016

Applies to:

Oracle API Gateway - Version 11.1.2 and later
Information in this document applies to any platform.

Symptoms

When attempting to implement the Oracle Access Manager "Log in with certificate" filter for Oracle API Gateway as a part of a policy chain within OAG, the "Log in with certificate" filter successfully communicates with OAM to determine if the resource is protected and receives an AuthN scheme back from OAM. However, when the filter looks to process the user certificate that is stored within the 'certificate' message attribute it throws the following error:

java.security.cert.CertificateException: can't decode PkiPath
  at com.vordel.security.openssl.OSSLCertificateFactorySpi.generatePathPkiPath(Native Method)
  at com.vordel.security.openssl.OSSLCertificateFactorySpi.engineGenerateCertPath(OSSLCertificateFactorySpi.java:112)

Using Oracle API Gateway Version - 11.1.2.1.0, Oracle Access Manager - 11.1.2.1, and applied the One-off Patch for Bug: 16433057 that allows the OAG 11.1.2.1.0 to authenticate and authorize against an OAM 11gR2 server using the pure Java OAM ASDK as specified in Document 1562933.1.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms