My Oracle Support Banner

Clientsslkeystorepwd, Clientssltruststorepwd Not Properly Written In oam-config.xml when configure Two-Way SSL (Doc ID 2354804.1)

Last updated on MARCH 29, 2019

Applies to:

Oracle Access Manager - Version 11.1.2.3.170418 and later
Information in this document applies to any platform.

Symptoms

Try to configure federation as an SSL client (E.g.: in SP mode) by using custom Java Trust and Key Stores.

Followed Doc ID 1675690.1

After this, ssl communication still fail , before fail

is the call to the artifacteResolve service of the IDP on a secure channel (two way SSL). In OAM diagnostic logs appear error:

[2018-01-10T17:12:06.418+01:00] [MS_OAM101] [NOTIFICATION:16] [OAMSSA-22009] [oracle.oam.diagnostic] [tid: [ACTIVE].ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 005OatAtyOk3r2QBebN6D50003HB00000z,0:1] [APP: oam_server#11.1.2.0.0] Registering collector at runtime.

[2018-01-10T17:12:06.453+01:00] [MS_OAM101] [TRACE:32] [] [oracle.oam.engine.session] [tid: OAM - SME Session Store Dispatcher (JDBC)] [userId: <anonymous>] [ecid: bad9740006703b48:67775f9d:160e04736dc:-7ffd-0000000000000004,1:26756] [APP: oam_server#11.1.2.0.0] [SRC_CLASS: oracle.security.am.engines.common.adapters.OAMLoggerImpl] [SRC_METHOD: finest] Dispatcher finished sleep

[2018-01-10T17:12:06.543+01:00] [MS_OAM101] [ERROR] [FEDSTS-18080] [oracle.security.fed.util.ssl.KeystoreUtil] [tid: [ACTIVE].ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 005OatAtyOk3r2QBebN6D50003HB00000z,0:1] [APP: oam_server#11.1.2.0.0] Could not retrieve key from the key store. Please verify that the key pass is equal to the key store pass. [[

java.security.UnrecoverableKeyException: Pass must not be null

at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:124)

at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:55)

at java.security.KeyStore.getKey(KeyStore.java:804)

at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:131)

at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:68)

at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:259)

at oracle.security.fed.util.ssl.KeystoreUtil.createKeyManagers(KeystoreUtil.java:134)

at oracle.security.fed.util.ssl.OIFSSLProtocolSocketFactory.createSSLContext(OIFSSLProtocolSocketFactory.java:125)

at oracle.security.fed.util.ssl.OIFSSLProtocolSocketFactory.getSSLContext(OIFSSLProtocolSocketFactory.java:113)

...................................

 

Changes

 

Configure federation as an SSL client (E.g.: OIF OAM in SP mode) using custom Java Trust and Key Stores, followed Doc ID 1675690.1

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.