
Unable to access SAML SSO URL and seeing error 403 due to expired certificates in keystore. (Doc ID 2758557.1)

Last updated on MARCH 15, 2021

Applies to:

Oracle WebLogic Server - Version 12.2.1.3.0 and later
Information in this document applies to any platform.

Symptoms

WebLogic is the SAML service provider (SP) and ADFS is the identity provider (IdP). When an SSO call is made, it fails with a 403 error. The SAML assertion fails with the following error:

java.security.cert.CertificateExpiredException: NotAfter: Wed Nov 18 00:00:00 UTC 2020
at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)
at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:677)
at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:650)
at com.bea.security.saml2.util.SAML2Utils.getVerifyKey(SAML2Utils.java:552)
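
The trace shows the failure coming from `X509Certificate.checkValidity`. The same check can be run over every certificate in a keystore to find entries that have expired or are close to expiring. This is an added example, not Oracle's code; the class name, the `KEYSTORE_PASSWORD` environment variable and the 30-day warning window are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.Collections;
import java.util.Date;

// Added example: flags expired or soon-to-expire X.509 certificates in a keystore.
public class KeystoreExpiryAudit {
    // Assumption: 30-day warning window; adjust to your rotation process.
    static final Duration WARN_WINDOW = Duration.ofDays(30);
    static String classify(X509Certificate cert, Instant now) {
        try {
            cert.checkValidity(Date.from(now)); // the call that throws in the trace above
        } catch (CertificateExpiredException e) {
            return "EXPIRED";
        } catch (CertificateNotYetValidException e) {
            return "NOT_YET_VALID";
        }
        boolean soon = cert.getNotAfter().toInstant().isBefore(now.plus(WARN_WINDOW));
        return soon ? "EXPIRING_SOON" : "OK";
    }
    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java KeystoreExpiryAudit <keystore-file>");
            System.exit(2);
        }
        // Assumption: password is read from the hypothetical env var KEYSTORE_PASSWORD.
        String pw = System.getenv("KEYSTORE_PASSWORD");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pw == null ? null : pw.toCharArray());
        }
        Instant now = Instant.now();
        boolean problem = false;
        for (String alias : Collections.list(ks.aliases())) {
            if (!(ks.getCertificate(alias) instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) ks.getCertificate(alias);
            String status = classify(x, now);
            problem |= !status.equals("OK");
            System.out.printf("%-14s %s notAfter=%s subject=%s%n", status, alias,
                    x.getNotAfter(), x.getSubjectX500Principal().getName());
        }
        System.exit(problem ? 1 : 0);
    }
}
```

The program exits non-zero when any entry is not `OK`, so it can run as a scheduled check ahead of a planned certificate rotation.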

Changes

The certificates were changed at the IdP end.

Cause
