Internal Error Logging into WebCenter Portal 12c After Configuring SSL Logs say: trustAnchors parameter must be non-empty (Doc ID 2217151.1)

Last updated on JULY 12, 2017

Applies to:

Oracle WebCenter Portal - Version 12.2.1.0.0 and later
Information in this document applies to any platform.

Symptoms

Trying to setup SSL on WebCenter Portal 12c that was working but now is failing with Internal Error's after the login step.
WebCenter Portal can be accessed with the https url, however after entering the user credentials the error "Internal Error" is seen on the page.

The WC_Portal log file shows errors like:

"...
java.lang.RuntimeException: oracle.webcenter.framework.service.WebCenterMemberException: Operations error: entity=ou=people,ou=myrealm,dc=WCP op=find mesg=
at oracle.webcenter.framework.service.Utility.getUserUniqueIdentifier(Utility.java:989)
at oracle.webcenter.framework.service.Utility.getUserName(Utility.java:650)
at oracle.webcenter.webcenterapp.model.security.WebCenterSecurityUtils.getUserUniqueID(WebCenterSecurityUtils.java:2082)
at oracle.webcenter.webcenterapp.internal.metadata.WebCenterUserCC.getValue(WebCenterUserCC.java:74)
at oracle.mds.internal.cust.CustomizationUtils.appendCLs(CustomizationUtils.java:725)
at oracle.mds.internal.cust.CustomizationUtils.getCLList(CustomizationUtils.java:311)
at oracle.mds.core.MDSSession.getMetadataObject(MDSSession.java:4620)
...
Caused By: oracle.webcenter.framework.service.WebCenterMemberException: Operations error: entity=ou=people,ou=myrealm,dc=WCP op=find mesg=
at oracle.webcenter.framework.security.idm.UserCacheManager.findUserFromUserName(UserCacheManager.java:1645)
at oracle.webcenter.framework.security.idm.UserCacheManager.getUserFromUserName(UserCacheManager.java:2164)
at oracle.webcenter.framework.service.Utility.getUserUniqueIdentifier(Utility.java:977)
at oracle.webcenter.framework.service.Utility.getUserName(Utility.java:650)
at oracle.webcenter.webcenterapp.model.security.WebCenterSecurityUtils.getUserUniqueID(WebCenterSecurityUtils.java:2082)
at oracle.webcenter.webcenterapp.internal.metadata.WebCenterUserCC.getValue(WebCenterUserCC.java:74)
at oracle.mds.internal.cust.CustomizationUtils.appendCLs(CustomizationUtils.java:725)
at oracle.mds.internal.cust.CustomizationUtils.getCLList(CustomizationUtils.java:311)
...
Caused By: oracle.igf.ids.IDSException: Operations error: entity=ou=people,ou=myrealm,dc=WCP op=find mesg=
at oracle.igf.ids.arisid.ArisIdServiceManager.findEntity(ArisIdServiceManager.java:1701)
at oracle.igf.ids.UserManager.searchUser(UserManager.java:225)
at oracle.webcenter.framework.security.idm.UserCacheManager.findUserFromUserName(UserCacheManager.java:1597)
at oracle.webcenter.framework.security.idm.UserCacheManager.getUserFromUserName(UserCacheManager.java:2164)
at oracle.webcenter.framework.service.Utility.getUserUniqueIdentifier(Utility.java:977)
at oracle.webcenter.framework.service.Utility.getUserName(Utility.java:650)
at oracle.webcenter.webcenterapp.model.security.WebCenterSecurityUtils.getUserUniqueID(WebCenterSecurityUtils.java:2082)
at oracle.webcenter.webcenterapp.internal.metadata.WebCenterUserCC.getValue(WebCenterUserCC.java:74)
...
Caused By: oracle.igf.ids.arisid.ArisIdConnectionException: Operations error: entity=ou=people,ou=myrealm,dc=WCP op=find mesg= AdditionalInfo: LDAP Error 2 : simple bind failed: myhost.oracle.com:7011
at com.oracle.ovd.arisid.OvdIdsStackProvider.mapResultCode(OvdIdsStackProvider.java:741)
at com.oracle.ovd.arisid.OvdIdsStackProvider.doFind(OvdIdsStackProvider.java:1271)
at com.oracle.ovd.arisid.ArisIdStackProvider.doFind(ArisIdStackProvider.java:172)
at org.openliberty.arisid.Interaction.doFind(Interaction.java:1022)
at oracle.igf.ids.arisid.ArisIdServiceManager.findEntity(ArisIdServiceManager.java:1617)
at oracle.igf.ids.UserManager.searchUser(UserManager.java:225)
at oracle.webcenter.framework.security.idm.UserCacheManager.findUserFromUserName(UserCacheManager.java:1597)
at oracle.webcenter.framework.security.idm.UserCacheManager.getUserFromUserName(UserCacheManager.java:2164)
at oracle.webcenter.framework.service.Utility.getUserUniqueIdentifier(Utility.java:977)
at oracle.webcenter.framework.service.Utility.getUserName(Utility.java:650)
at oracle.webcenter.webcenterapp.model.security.WebCenterSecurityUtils.getUserUniqueID(WebCenterSecurityUtils.java:2082)
...
Caused By: oracle.ods.virtualization.service.VirtualizationException: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 2 : simple bind failed: myhost.oracle.com:7011
at oracle.ods.virtualization.operation.SearchOperation.process(SearchOperation.java:209)
at oracle.ods.virtualization.operation.SearchOperation.process(SearchOperation.java:47)
at oracle.ods.virtualization.service.DefaultVirtualizationSession.processOperation(DefaultVirtualizationSession.java:403)
at oracle.ods.virtualization.service.DefaultVirtualizationSession.search(DefaultVirtualizationSession.java:190)
at com.oracle.ovd.arisid.OvdIdsStackProvider.doFind(OvdIdsStackProvider.java:1262)
at com.oracle.ovd.arisid.ArisIdStackProvider.doFind(ArisIdStackProvider.java:172)
at org.openliberty.arisid.Interaction.doFind(Interaction.java:1022)
at oracle.igf.ids.arisid.ArisIdServiceManager.findEntity(ArisIdServiceManager.java:1617)
at oracle.igf.ids.UserManager.searchUser(UserManager.java:225)
at oracle.webcenter.framework.security.idm.UserCacheManager.findUserFromUserName(UserCacheManager.java:1597)
...
Caused By: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 2 : simple bind failed: myhost.oracle.com:7011
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getLDAPContext(BackendJNDI.java:1143)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.getConnection(BackendJNDI.java:1006)
at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.getHolder(ConnectionHandle.java:470)
at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.search(ConnectionHandle.java:276)
at oracle.ods.virtualization.engine.backend.jndi.JNDIEntrySet.initialize(JNDIEntrySet.java:223)
at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.get(BackendJNDI.java:802)
at oracle.ods.virtualization.engine.chain.Chain.nextGet(Chain.java:303)
at oracle.ods.virtualization.engine.chain.BasePlugin.get(BasePlugin.java:89)
...
Caused By: javax.naming.CommunicationException: simple bind failed: myhost.us.oracle.com:7011 [Root exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2788)
at com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:319)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.ldap.InitialLdapContext.(InitialLdapContext.java:154)
...
Caused By: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1906)
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1889)
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1815)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:128)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:426)
...
Caused By: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at sun.security.validator.PKIXValidator.(PKIXValidator.java:90)
at sun.security.validator.Validator.getInstance(Validator.java:179)
at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:312)
at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:171)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:184)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:105)
at oracle.ods.virtualization.engine.util.OVDTrustManager.checkServerTrusted(OVDTrustManager.java:100)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:922)
...
Caused By: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
at java.security.cert.PKIXParameters.(PKIXParameters.java:120)
at java.security.cert.PKIXBuilderParameters.(PKIXBuilderParameters.java:104)
at sun.security.validator.PKIXValidator.(PKIXValidator.java:88)
at sun.security.validator.Validator.getInstance(Validator.java:179)
at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:312)
at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:171)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:184)
...
java.lang.NullPointerException
at oracle.webcenter.portalframework.sitestructure.SiteStructure.getResource(SiteStructure.java:518)
at oracle.webcenter.portalframework.sitestructure.SiteStructure.getResource(SiteStructure.java:561)
at oracle.webcenter.portalframework.sitestructure.SiteStructure.getResource(SiteStructure.java:77)
at oracle.webcenter.portalframework.sitestructure.handler.ViewIdProcessorImpl.getPathResource(ViewIdProcessorImpl.java:105)
at oracle.webcenter.portalframework.sitestructure.handler.ViewIdProcessorImpl.findNavigationResource(ViewIdProcessorImpl.java:86)
at oracle.webcenter.portalframework.sitestructure.handler.NavigationRendererViewIdProcessor.process(NavigationRendererViewIdProcessor.java:54)
at oracle.webcenter.portalframework.sitestructure.handler.AggregateViewIdProcessor.process(AggregateViewIdProcessor.java:40)
at oracle.webcenter.portalframework.sitestructure.handler.PortalFrameworkViewIdProcessor.process(PortalFrameworkViewIdProcessor.java:30)
at oracle.webcenter.portalframework.sitestructure.handler.AggregateViewIdProcessor.process(AggregateViewIdProcessor.java:40)
..."



This note was followed: <Note: 1142995.1> WebLogic Server: Procedure for Configuring Node Manager with SSL for steps to setup ssl in AdminServer, WC_Portal, etc.
Trying to use Custom Identity and Java Trust Store for the configuration which is why the WebCenter Portal SSL Documentation steps were not followed.


WebCenter Portal 12.2.1.0.0
=============================
29 Configuring SSL

WebCenter Portal 12.2.1.1
===========================
29 Configuring SSL


The customer was also not using an external ldap in their setup, so this is seen just using the Embedded Ldap Server.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms