OAM 12.2.1.4 - X509 Authentication Fails With: Path Does Not Chain With Any Of The Trust Anchors (Doc ID 2970382.1)

Last updated on AUGUST 25, 2023

Applies to:

Oracle Access Manager - Version 12.2.1.4.0 and later
Information in this document applies to any platform.

Symptoms

On : 12.2.1.4.x version, Authentication Process

ACTUAL BEHAVIOR
---------------
x509 authentication fails with: Path does not chain with any of the trust anchors

In logs appears:

..............
<date/time> <Error> <oracle.oam.engine.authn> <OAMSSA-12117> <Cannot validate the user certificate. java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
...............

For Authentication was configured OAM X509 Auth module to authenticate end users with certificates.

Furthermore, the CA certificate was added to the amtruststore and saved the configuration in the DB by using WLST: saveAccessArtifacts

In front of the OAM there is OHS, which terminates TLS and propagates the client certificate in WL-Proxy-Client-Cert HTTP header.
OHS is configured to require client certificates issued by the CA that is imported to the amtruststore.

Cause

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

OAM 12.2.1.4 - X509 Authentication Fails With: Path Does Not Chain With Any Of The Trust Anchors (Doc ID 2970382.1)

Applies to:

Symptoms

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!