Clientsslkeystorepwd, Clientssltruststorepwd Not Properly Written In oam-config.xml When Configuring Two-Way SSL
Last updated on FEBRUARY 09, 2018
Applies to:
Oracle Access Manager - Version 11.1.2.3.170418 and later
Information in this document applies to any platform.
Symptoms
Federation was configured as an SSL client (e.g. in SP mode) using custom Java trust and key stores, following Doc ID 1675690.1.
After this, SSL communication still fails. The last step, where it fails, is the call to the artifactResolve service of the IdP over a secure channel (two-way SSL). The following error appears in the OAM diagnostic logs:
[2018-01-10T17:12:06.418+01:00] [MS_OAM101] [NOTIFICATION:16] [OAMSSA-22009] [oracle.oam.diagnostic] [tid: [ACTIVE].ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 005OatAtyOk3r2QBebN6D50003HB00000z,0:1] [APP: oam_server#11.1.2.0.0] Registering collector at runtime.
[2018-01-10T17:12:06.453+01:00] [MS_OAM101] [TRACE:32] [] [oracle.oam.engine.session] [tid: OAM - SME Session Store Dispatcher (JDBC)] [userId: <anonymous>] [ecid: bad9740006703b48:67775f9d:160e04736dc:-7ffd-0000000000000004,1:26756] [APP: oam_server#11.1.2.0.0] [SRC_CLASS: oracle.security.am.engines.common.adapters.OAMLoggerImpl] [SRC_METHOD: finest] Dispatcher finished sleep
[2018-01-10T17:12:06.543+01:00] [MS_OAM101] [ERROR] [FEDSTS-18080] [oracle.security.fed.util.ssl.KeystoreUtil] [tid: [ACTIVE].ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 005OatAtyOk3r2QBebN6D50003HB00000z,0:1] [APP: oam_server#11.1.2.0.0] Could not retrieve key from the key store. Please verify that the key password is equal to the key store password. [[
java.security.UnrecoverableKeyException: Password must not be null
at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:124)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:55)
at java.security.KeyStore.getKey(KeyStore.java:804)
at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:131)
at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:68)
at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:259)
at oracle.security.fed.util.ssl.KeystoreUtil.createKeyManagers(KeystoreUtil.java:134)
at oracle.security.fed.util.ssl.OIFSSLProtocolSocketFactory.createSSLContext(OIFSSLProtocolSocketFactory.java:125)
at oracle.security.fed.util.ssl.OIFSSLProtocolSocketFactory.getSSLContext(OIFSSLProtocolSocketFactory.java:113)
...................................
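The trace shows `KeyManagerFactory.init` receiving a null key password. The following added example (not Oracle's code and not part of the original note) checks a JKS client keystore outside OAM: it confirms that the store password also recovers each private key, as the FEDSTS-18080 message asks, and runs the same `init` call with a null password. The class name `KeystoreCheck` and the keystore path argument are assumptions.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;

// Added example (hypothetical class name); usage: java KeystoreCheck <keystore.jks>
public class KeystoreCheck {

    // Runs the same KeyManagerFactory.init call seen in the stack trace.
    // Returns "OK" or the exception class and message.
    static String tryInit(KeyStore ks, char[] keyPassword) {
        try {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks, keyPassword);
            return "OK";
        } catch (Exception e) {
            return e.getClass().getName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage: java KeystoreCheck <keystore.jks> (run from a terminal)");
            System.exit(2);
        }
        // Prompt for the password so it does not land in shell history or the process list.
        char[] storePwd = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePwd); // throws IOException if the store password is wrong
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue; // skip trusted-certificate entries
            try {
                ks.getKey(alias, storePwd);
                System.out.println(alias + ": key password equals store password");
            } catch (UnrecoverableKeyException e) {
                System.out.println(alias + ": key password differs from store password");
            }
        }
        System.out.println("init with store password: " + tryInit(ks, storePwd));
        System.out.println("init with null password:  " + tryInit(ks, null));
        Arrays.fill(storePwd, '\0'); // wipe the password from memory
    }
}
```

If the keystore passes the first two checks and only the null-password call fails, the keystore itself is usable and the password is not reaching the SSL code at runtime, which is consistent with the title of this note.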
Changes
Configured federation as an SSL client (e.g. OIF OAM in SP mode) using custom Java trust and key stores, following Doc ID 1675690.1.
Cause