Unable to Log On to the OAMCONSOLE Application after Configuring WebLogic to Listen on SSL only
(Doc ID 1924497.1)
Last updated on OCTOBER 20, 2023
Applies to:
Oracle Access Manager - Version 11.1.2.1.0 and later
Information in this document applies to any platform.
Weblogic Server configured for SSL only
WebLogic Embedded LDAP server used as the system Identity Store in OAM
Symptoms
The embedded WebLogic LDAP server is used as the OAM system Identity Store.
After the WebLogic server processes are configured to listen only on SSL ports, the OAM server is unable to authenticate the user accessing the oamconsole application via the WebLogic embedded LDAP server.
The following error is logged in the OAM diagnostic log file:
<> <Error> <oracle.oam.jndi.ldap> <OAMSSA-00134> <Failure of pool oracle.security.am.common.jndi.ldap.ucp.LdapConnectionPool@253ee69b to start.>
<> <Error> <oracle.oam.user.identity.provider> <OAMSSA-20005> <Error initializing User/Role API : {0}. oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException
at oracle.security.am.engines.common.identity.provider.util.LDAPConfigurator.getFactoryEnv(LDAPConfigurator.java:274)
...
Caused By: oracle.security.am.common.jndi.ldap.PoolingException [Root exception is oracle.ucp.UniversalConnectionPoolException: javax.naming.CommunicationException: <HOSTNAME>.<DOMAIN>:<PORT> [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]]
at oracle.security.am.common.jndi.ldap.config.LdapPoolConfig.start(LdapPoolConfig.java:421)
...
Caused By: oracle.ucp.UniversalConnectionPoolException: javax.naming.CommunicationException: <HOSTNAME>.<DOMAIN>:<PORT> [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at oracle.security.am.common.jndi.ldap.ucp.LdapConnectionFactoryAdapter.createConnection(LdapConnectionFactoryAdapter.java:432)
...
Caused By: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
...
Caused By: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
The oamconsole application can be accessed if the OAM managed server process is stopped.
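A log-triage helper for the trace above, added here as an example (it is not Oracle's code): it walks the `Caused By:` chain, extracts the LDAP endpoint, and classifies the innermost exception. The sample log is constructed in the trace's format with a made-up host and port, and the verdict table goes slightly beyond this page by covering two other standard JDK exception classes.

```python
import re

# Constructed sample in the format of the trace above; host and port are made up.
SAMPLE_LOG = """\
<> <Error> <oracle.oam.jndi.ldap> <OAMSSA-00134> <Failure of pool oracle.security.am.common.jndi.ldap.ucp.LdapConnectionPool@253ee69b to start.>
Caused By: oracle.security.am.common.jndi.ldap.PoolingException [Root exception is oracle.ucp.UniversalConnectionPoolException: javax.naming.CommunicationException: oam1.example.com:7002 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed]]
Caused By: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
\tat sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
Caused By: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
"""

CAUSE = re.compile(r"^Caused By: ([\w.$]+)", re.MULTILINE)
ENDPOINT = re.compile(r"javax\.naming\.CommunicationException: ([^\s:\[\]]+):(\d+)")

# Innermost exception class -> what it tells the operator (standard JDK classes).
VERDICTS = {
    "sun.security.provider.certpath.SunCertPathBuilderException":
        "trust: no chain from the presented certificate to an anchor in the client JVM trust store",
    "java.security.cert.CertificateExpiredException":
        "expired: a certificate in the presented chain is past its notAfter date",
    "java.net.ConnectException":
        "network: nothing accepted the TCP connection on that port",
}

def triage(log_text):
    """Walk the 'Caused By:' chain of one OAM diagnostic-log error and classify it."""
    chain = CAUSE.findall(log_text)
    endpoint = ENDPOINT.search(log_text)
    root = chain[-1] if chain else None  # the last 'Caused By:' is the innermost cause
    return {
        "pool_failed": "OAMSSA-00134" in log_text,
        "endpoint": f"{endpoint.group(1)}:{endpoint.group(2)}" if endpoint else None,
        "chain": chain,
        "root_cause": root,
        "verdict": VERDICTS.get(root, "unclassified: read the full trace"),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```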
Changes
The WebLogic server processes are configured for SSL only as described in the following notes:
Configuring Oracle WebLogic Server (10.3.X - 12.1.X) to use SSL in Fusion Middleware 11g/12c (Doc ID 1235653.1)
How to Configure WebLogic Admin Server to Listen on SSL Only and associated FMW Considerations (Doc ID 1353951.1)
Cause