Rel 10: Single Sign On Not Working For Outlook Add-in After REL10 upgrade (Doc ID 2081116.1)

Last updated on DECEMBER 14, 2015

Applies to:

Oracle Fusion Sales Cloud Service - Version 11.1.10.0.0 and later
Information in this document applies to any platform.

Symptoms

On : 11.1.10.0.0 version, Microsoft Outlook

When attempting to log-in using Outlook SSO the following error occurs.

ERROR
-----------------------
Failed to login using given user info. Please re-enter your user info and try again.
An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.
InnerExceptiond:FailedAuthentication : The security token cannot be authenticated.

 

 

SalesServer logs

-----------------------
Caused by: oracle.wsm.security.SecurityException: WSM-00062 : The path to the certificate used for the signature is invalid.
at oracle.wsm.security.policy.scenario.processor.ProcessorUtils.verifyAssertionIssuerCert(ProcessorUtils.java:741)
at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor.verifyIssuersSignature(WssSamlTokenProcessor.java:600)
at oracle.wsm.security.policy.scenario.processor.WssSaml11TokenProcessor.authenticateSamlToken(WssSaml11TokenProcessor.java:356)
.............................................
Caused by: oracle.wsm.security.SecurityException: WSM-00138 : The path to the certificate is invalid.
Validation failed for the certificate "Subject DN:- CN=ADFS Signing - ofs.orange.ro, Serial Number:- 107393716621005931466784269930961999870, Issuer DN:- CN=ADFS Signing - ofs.orange.ro"
Certificates in cert path used for validation are:-
"Subject DN:- CN=ADFS Signing - ofs.orange.ro, Issuer DN:- CN=ADFS Signing - ofs.orange.ro"
at oracle.wsm.security.jps.WsmKeyStore.throwFailMsgForCertPathValidation(WsmKeyStore.java:702)
at oracle.wsm.security.jps.WsmKeyStore.validateCertificatePath(WsmKeyStore.java:661)
at oracle.wsm.security.policy.scenario.processor.ProcessorUtils.verifyAssertionIssuerCert(ProcessorUtils.java:734)
.............................................
Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:195)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
at oracle.wsm.security.jps.WsmKeyStore.validateCertificatePath(WsmKeyStore.java:649)




STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Open Outlook
2. Log-in using SSO
3. process fails

BUSINESS IMPACT
-----------------------
The issue has the following business impact:
Due to this issue, users cannot login using SSO.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms