Authorization(mod_auth_basic) for a Client in Oracle HTTP Server Fails to Function
(Doc ID 2708565.1)
Last updated on JANUARY 09, 2023
Applies to:
Oracle HTTP Server - Version 12.2.1.3.0 and laterInformation in this document applies to any platform.
Symptoms
After adding FakeBasicAuth to SSLOptions for client authorization via mod_auth_basic, users still are presented with a username and password form. Whether the user is authorized or not, the same behavior is seen suggesting the functionality does not work as expected.
Documentation
Authorizing a Client for a Particular URL
https://docs.oracle.com/middleware/12213/webtier/administer-ohs/workwith.htm#GUID-67439614-C253-4EB8-88E6-4EA989D6EEC4
Configuration Example
SSLVerifyClient require
...
Alias /<DIRECTORY>/ /<DIRECTORY>/
<Directory "<DIRECTORY>">
SSLVerifyClient require
SSLOptions +FakeBasicAuth +ExportCertData +StdEnvVars
AuthName "Oracle Authz"
AuthType Basic
AuthBasicProvider file
AuthUserFile "<httpd.passwd File>"
Require valid-user
</Directory>
Trace logging shows the information on the failure.
[DATE/TIME] [OHS] [TRACE:16] [AH01626] [authz_core] [client_id: <IP>] [host_id: <FQDN>] [host_addr: <IP>] [pid: <PID>] [tid: <TID>] [user: <USER>] [ecid: <ECID>] [rid: 0] [VirtualHost: <FQDN>:<PORT>] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[DATE/TIME] [OHS] [TRACE:16] [AH01626] [authz_core] [client_id: <IP>] [host_id: <FQDN>] [host_addr: <IP>] [pid: <PID>] [tid: <TID>] [user: <USER>] [ecid: <ECID>] [rid: 0] [VirtualHost: <FQDN>:<PORT>] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
[DATE/TIME] [OHS] [NOTIFICATION:32] [AH02036] [ossl] [client_id: <IP>] [host_id: <FQDN>] [host_addr: <IP>] [pid: <PID>] [tid: <TID>] [user: <USER>] [ecid: <ECID>] [rid: 0] [VirtualHost: <FQDN>:<PORT>] AH02036: Faking HTTP Basic Auth header: "Authorization: Basic <VALUE1>"
[DATE/TIME] [OHS] [ERROR:32] [AH01618] [auth_basic] [client_id: <IP>] [host_id: <FQDN>] [host_addr: <IP>] [pid: <PID>] [tid: <TID>] [user: <USER>] [ecid: <ECID>] [rid: 0] [VirtualHost: <FQDN>:<PORT>] AH01618: user <VALUE2> not found: /<DIRECTORY>/index.html
[DATE/TIME] [OHS] [TRACE:24] [OH99999] [ora_audit] [client_id: <IP>] [host_id: <FQDN>] [host_addr: <IP>] [pid: <PID>] [tid: <TID>] [user: <USER>] [ecid: <ECID>] [rid: 0] [VirtualHost: <FQDN>:<PORT>] AUDIT EVENT scope R type 2 method (none) flags <authn> role (none) reason user not found id <VALUE3>
[DATE/TIME] [OHS] [TRACE:16] [OH99999] [ora_audit] [host_id: <FQDN>] [host_addr: <IP>] [pid: <PID>] [tid: <TID>] [user: <USER>] [ecid: <ECID>] [rid: 0] [VirtualHost: <FQDN>:<PORT>] Audit not enabled
[DATE/TIME] [OHS] [TRACE:22] [OH99999] [core] [client_id: <IP>] [host_id: <FQDN>] [host_addr: <IP>] [pid: <PID>] [tid: <TID>] [user: <USER>] [ecid: <ECID>] [rid: 0] [VirtualHost: <FQDN>:<PORT>] auth phase 'check user' gave status 401: /<DIRECTORY>/index.html
[DATE/TIME] [OHS] [TRACE:22] [OH99999] [http] [client_id: <IP>] [host_id: <FQDN>] [host_addr: <IP>] [pid: <PID>] [tid: <TID>] [user: <USER>] [ecid: <ECID>] [rid: 0] [VirtualHost: <FQDN>:<PORT>] Response sent with status 401, headers:
[DATE/TIME] [OHS] [TRACE:26] [OH99999] [http] [client_id: <IP>] [host_id: <FQDN>] [host_addr: <IP>] [pid: <PID>] [tid: <TID>] [user: <USER>] [ecid: <ECID>] [rid: 0] [VirtualHost: <FQDN>:<PORT>] Date: <DATE/TIME>
[DATE/TIME] [OHS] [TRACE:26] [OH99999] [http] [client_id: <IP>] [host_id: <FQDN>] [host_addr: <IP>] [pid: <PID>] [tid: <TID>] [user: <USER>] [ecid: <ECID>] [rid: 0] [VirtualHost: <FQDN>:<PORT>] Server: Oracle-HTTP-Server
[DATE/TIME] [OHS] [TRACE:24] [OH99999] [http] [client_id: <IP>] [host_id: <FQDN>] [host_addr: <IP>] [pid: <PID>] [tid: <TID>] [user: <USER>] [ecid: <ECID>] [rid: 0] [VirtualHost: <FQDN>:<PORT>] WWW-Authenticate: Basic realm=\\"Oracle Authz\\"
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |
| References |