Cannot Login To The OAM Console After Disabling the non-SSL Administration Port and Using the WLS Embedded LDAP Server for the System Store (Doc ID 1992948.1)

Last updated on MARCH 01, 2024

Applies to:

Symptoms

Administrators cannot login to the OAM Console after disabling the non-SSL port on the AdminServer.

For example, after running the following steps administrators can no longer login to the OAM console:

1. Use the WLS console to enable the "SSL Listen Port Enabled" for the WebLogic AdminServer and the OAM managed server
2. Modify the OAM identity store named UserIdentityStore1 to check the box for "Enable SSL"
3. Modify the OAM server instance to listen on the SSL port
4. Configure the OAM load balancer URL to use the HTTPS protocol and SSL port
5. Disable the non-ssl/HTTP port for the AdminServer and the OAM managed server.
6. Attempt to login to OAM console as <WLS_ADMIN> user (user in the embedded ldap). The browser will typically only show an "invalid username/password" error while the real error is thrown in the OAM diagnostic log.

Technically speaking steps (3) & (4) are not required. The OAM load balancer controls the redirect to the credential collector only. This is the URL that the browser will redirect to in order to present the username/password screen. This screen has nothing to do with the backend OAM server -> LDAP server communication. However, in most cases the end-user expects the entire login process to be done over SSL and thus included as standard SSL setup.

Changes

Disabling the non-SSL port of the WebLogic AdminServer. 

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.