Error: "javax.net.ssl.SSLException: Received fatal alert: illegal_parameter" When Testing Connection To An LDAP SSL Server Or At Login To P6 Configured For LDAP SSL (Doc ID 1599942.1)

Last updated on JULY 03, 2017

Applies to:

Primavera P6 Enterprise Project Portfolio Management - Version 8.0 and later
Information in this document applies to any platform.

Symptoms

When attempting to test an LDAPS (SSL) connection from the administrative application, or attempting to login to P6 configured for LDAPS (SSL) (both configured to use JDK 1.7.0_25 or later), the following error is written to the a) Log tab if using the Administration application and b) P6WebAccess.html log file if attempting login to P6:

ERROR
-----------------------
javax.naming.CommunicationException: simple bind failed: LDAPServerName:SSLPort [Root exception is javax.net.ssl.SSLException: Received fatal alert: illegal_parameter]
  at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:215)
  at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740)
  at com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:316)
  at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
  at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
  at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
  at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
  at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
  at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
  at javax.naming.InitialContext.init(InitialContext.java:242)
  at javax.naming.InitialContext.(InitialContext.java:216)
  at javax.naming.directory.InitialDirContext.(InitialDirContext.java:101)
  at com.primavera.infr.ldap.LDAPHelper.connect(Unknown Source)
  at com.primavera.infr.ldap.LDAPServiceImpl.a(Unknown Source)
  at com.primavera.infr.ldap.LDAPServiceImpl.authenticate(Unknown Source)
  at com.primavera.bre.SubSystemFacadeImpl.authenticate(Unknown Source)
  at com.primavera.bo.common.LoginHelper.loginLDAP(Unknown Source)
  at com.primavera.bo.common.LoginHelper.login(Unknown Source)
  at com.primavera.bo.common.LoginHelper.login(Unknown Source)
  at com.primavera.bo.remotable.SessionLifetime.login(Unknown Source)
  at com.primavera.bo.remotable.qproxy.SessionLifetime.login(Unknown Source)
  at com.primavera.bo.DBSessionLifetime.login(Unknown Source)
  at com.primavera.pvweb.main.login.LoginDelegate.login(Unknown Source)
  at com.primavera.pvweb.main.login.LoginAction.login(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:606)
  at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:270)
  at org.apache.struts.actions.DispatchAction.execute(DispatchAction.java:187)
  at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
  at com.primavera.pvweb.FrontRequestProcessor.processActionPerform(Unknown Source)
  at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
  at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
  at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
  at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at com.primavera.pvweb.GZIPFilter.doFilter(Unknown Source)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at com.primavera.pvweb.XSSFilter.doFilter(Unknown Source)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at com.primavera.pvweb.FrontFilter.doFilter(Unknown Source)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at com.primavera.pvweb.filters.ApplicationContextInjector.doFilter(Unknown Source)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at com.primavera.pvweb.DisableURLEncodingFilter.doFilter(Unknown Source)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: javax.net.ssl.SSLException: Received fatal alert: illegal_parameter
  at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
  at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
  at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1961)
  at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
  at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
  at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:882)
  at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
  at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
  at java.io.BufferedInputStream.read1(BufferedInputStream.java:275)
  at java.io.BufferedInputStream.read(BufferedInputStream.java:334)
  at com.sun.jndi.ldap.Connection.run(Connection.java:849)
  at java.lang.Thread.run(Thread.java:724)


STEPS
-----------------------
The issue can be reproduced at will with the following steps:

From the Administration Application:
1. Browse to the P6 Home Directory
2. Launch the P6 Administration Application
3. Select Authentication tab
4. Expand Configuration > Database Instance > LDAP Connection Settings
5. Ensure the LDAP Connection is configured for SSL, and and LDAP Keystore is configured with P6
6. Right-click 'LDAP Connection Settings' and test connection
7. The error occurs

From P6 (configured for LDAP SSL):
1. Browse to P6 login page
2. Attempt Login to P6
3. Error "Invalid Username or password" is returned on page, and error above is logged to P6WebAccess.html

Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms