Clientsslkeystorepwd, Clientssltruststorepwd Not Properly Written In oam-config.xml When Configuring Two-Way SSL

(Doc ID 2354804.1)

Last updated on FEBRUARY 09, 2018

Applies to:

Oracle Access Manager - Version 11.1.2.3.170418 and later
Information in this document applies to any platform.

Symptoms

An attempt is made to configure federation as an SSL client (e.g. in SP mode) using custom Java trust and key stores, following Doc ID 1675690.1.

After this, SSL communication still fails. The last step, where it fails, is the call to the artifactResolve service of the IDP on a secure channel (two-way SSL). The following error appears in the OAM diagnostic logs:

[2018-01-10T17:12:06.418+01:00] [MS_OAM101] [NOTIFICATION:16] [OAMSSA-22009] [oracle.oam.diagnostic] [tid: [ACTIVE].ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 005OatAtyOk3r2QBebN6D50003HB00000z,0:1] [APP: oam_server#11.1.2.0.0] Registering collector at runtime.

[2018-01-10T17:12:06.453+01:00] [MS_OAM101] [TRACE:32] [] [oracle.oam.engine.session] [tid: OAM - SME Session Store Dispatcher (JDBC)] [userId: <anonymous>] [ecid: bad9740006703b48:67775f9d:160e04736dc:-7ffd-0000000000000004,1:26756] [APP: oam_server#11.1.2.0.0] [SRC_CLASS: oracle.security.am.engines.common.adapters.OAMLoggerImpl] [SRC_METHOD: finest] Dispatcher finished sleep

[2018-01-10T17:12:06.543+01:00] [MS_OAM101] [ERROR] [FEDSTS-18080] [oracle.security.fed.util.ssl.KeystoreUtil] [tid: [ACTIVE].ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 005OatAtyOk3r2QBebN6D50003HB00000z,0:1] [APP: oam_server#11.1.2.0.0] Could not retrieve key from the key store. Please verify that the key password is equal to the key store password. [[

java.security.UnrecoverableKeyException: Password must not be null

at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:124)

at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:55)

at java.security.KeyStore.getKey(KeyStore.java:804)

at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:131)

at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:68)

at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:259)

at oracle.security.fed.util.ssl.KeystoreUtil.createKeyManagers(KeystoreUtil.java:134)

at oracle.security.fed.util.ssl.OIFSSLProtocolSocketFactory.createSSLContext(OIFSSLProtocolSocketFactory.java:125)

at oracle.security.fed.util.ssl.OIFSSLProtocolSocketFactory.getSSLContext(OIFSSLProtocolSocketFactory.java:113)

...................................
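The symptom can be confirmed directly from the diagnostic log. As an added example (not part of the original Oracle note), the Python below parses entries in the format quoted above, keeps nested brackets in fields such as tid intact, and flags FEDSTS-18080 errors whose detail carries "Password must not be null". The sample log is constructed from the excerpt above with the ecid shortened, and all function names are illustrative.

```python
import re

# Constructed sample modelled on the entries quoted above (ecid shortened).
SAMPLE_LOG = """\
[2018-01-10T17:12:06.418+01:00] [MS_OAM101] [NOTIFICATION:16] [OAMSSA-22009] [oracle.oam.diagnostic] [tid: [ACTIVE].ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: constructed-ecid,0:1] [APP: oam_server#11.1.2.0.0] Registering collector at runtime.
[2018-01-10T17:12:06.543+01:00] [MS_OAM101] [ERROR] [FEDSTS-18080] [oracle.security.fed.util.ssl.KeystoreUtil] [tid: [ACTIVE].ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: constructed-ecid,0:1] [APP: oam_server#11.1.2.0.0] Could not retrieve key from the key store. Please verify that the key password is equal to the key store password. [[
java.security.UnrecoverableKeyException: Password must not be null
    at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:124)
"""

ENTRY_START = re.compile(r"^\[\d{4}-\d{2}-\d{2}T")  # a new entry opens with a timestamp field

def split_fields(line):
    """Split the leading [..] fields, counting depth so '[tid: [ACTIVE]...]' stays one field."""
    fields, rest = [], line
    while rest.startswith("[") and not rest.startswith("[["):
        depth = 0
        for j, ch in enumerate(rest):
            depth += {"[": 1, "]": -1}.get(ch, 0)
            if depth == 0:
                break
        if depth:  # unbalanced brackets: treat the remainder as message text
            break
        fields.append(rest[1:j])
        rest = rest[j + 1:].lstrip(" ")
    return fields, rest

def parse_entries(text):
    """Group lines into entries; lines without a timestamp are detail of the previous entry."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line):
            fields, message = split_fields(line)
            head = (fields + [""] * 5)[:5]  # pad so short or empty fields do not raise
            entry = dict(zip(("time", "server", "level", "msg_id", "module"), head))
            entry["attrs"] = dict(f.partition(": ")[::2] for f in fields[5:])
            entry.update(message=message, detail=[])
            entries.append(entry)
        elif entries and line.strip():  # skips the blank lines between stack frames
            entries[-1]["detail"].append(line.strip())
    return entries

def null_keystore_password_hits(entries):
    """Entries matching this page's symptom: FEDSTS-18080 with a null key password."""
    needle = "UnrecoverableKeyException: Password must not be null"
    return [e for e in entries
            if e["level"].startswith("ERROR") and e["msg_id"] == "FEDSTS-18080"
            and any(needle in d for d in e["detail"])]

if __name__ == "__main__":
    print([(h["time"], h["module"]) for h in null_keystore_password_hits(parse_entries(SAMPLE_LOG))])
```

A hit on the KeystoreUtil module means the key manager was initialised with a null password, which is consistent with the client keystore password not having been written to the configuration.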

 

Changes

Federation was configured as an SSL client (e.g. OIF OAM in SP mode) using custom Java trust and key stores, following Doc ID 1675690.1.

Cause
