SSO Client Certificate Authentication Fails With 3rd Party SSL Accelerator
(Doc ID 399616.1)
Last updated on MARCH 20, 2019
Applies to: Oracle Application Server Single Sign-On - Version 10.1.2.0.2 to 10.1.4.3 [Release 10gR2 to 10gR3]
Information in this document applies to any platform.
***Checked for relevance on 20-MAR-2019***
SSO has been configured for client certificate authentication and login is successful when the SSO HTTP Server is fully SSL configured.
When the SSO HTTP Server is reconfigured for routing via a 3rd party SSL accelerator such as Cisco, client certificate authentication fails.
The debug ssoServer.log shows:
Wed Oct 4 15:50:27 GMT 2006 [DEBUG] AJPRequestHandler-ApplicationServerThread-8 User's browser cerificate not found.
Client <--HTTPS--> Hardware LBR (Cisco) <--HTTP(X.509 in header)--> 10gAS SSO HTTP Server
The 10gAS configuration appears to be correct for working with an SSL accelerator, i.e.:
The following are set in the SSO HTTP Server httpd.conf:
The sso_apache.conf has the following at the top of the file (not within the <IfDefine SSL> tags):
SSLOptions +ExportCertData +StdEnvVars
The debug HTTP Server error_log.<ts> file shows that certificate fields are being passed to HTTP Server in the HTTP headers and is_ssl is enabled for the requests: