SSO Client Certificate Authentication Fails With 3rd Party SSL Accelerator
Last updated on MARCH 08, 2017
Applies to: Oracle Application Server Single Sign-On - Version 10.1.2.0.2 to 10.1.4.3 [Release 10gR2 to 10gR3]
Information in this document applies to any platform.
***Checked for relevance on 19-OCT-2015***
SSO has been configured for client certificate authentication, and login is successful when the SSO HTTP Server is fully SSL configured.
When the SSO HTTP Server is reconfigured for routing via a 3rd party SSL accelerator, such as Cisco, client certificate authentication fails.
The debug ssoServer.log shows:
Wed Oct 4 15:50:27 GMT 2006 [DEBUG] AJPRequestHandler-ApplicationServerThread-8 User's browser cerificate not found.
Client <--HTTPS--> Hardware LBR (Cisco) <--HTTP(X.509 in header)--> 10gAS SSO HTTP Server
The 10gAS configuration appears to be correct for working with an SSL accelerator, i.e.:
The following are set in the SSO HTTP Server httpd.conf:
The sso_apache.conf has the following at the top of the file (not within the <IfDefine SSL> tags):
SSLOptions +ExportCertData +StdEnvVars
The debug HTTP Server error_log.<ts> file shows that certificate fields are being passed to HTTP Server in the HTTP headers and is_ssl is enabled for the requests: