OAM 12.2.1.4 - X509 Authentication Fails With: Path Does Not Chain With Any Of The Trust Anchors
(Doc ID 2970382.1)
Last updated on NOVEMBER 25, 2024
Applies to:
Oracle Access Manager - Version 12.2.1.4.0 and laterInformation in this document applies to any platform.
Symptoms
On : 12.2.1.4.x version, Authentication Process
ACTUAL BEHAVIOR
---------------
x509 authentication fails with: Path does not chain with any of the trust anchors
In logs appears:
..............
<date/time> <Error> <oracle.oam.engine.authn> <OAMSSA-12117> <Cannot validate the user certificate. java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
...............
For Authentication was configured OAM X509 Auth module to authenticate end users with certificates.
Furthermore, the CA certificate was added to the amtruststore and saved the configuration in the DB by using WLST: saveAccessArtifacts
In front of the OAM there is OHS, which terminates TLS and propagates the client certificate in WL-Proxy-Client-Cert HTTP header.
OHS is configured to require client certificates issued by the CA that is imported to the amtruststore.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Cause |
| Solution |
| References |