OVD 11g With EUS Using SSL Mutual Authentication (Client Server Authentication / SSL Mode 3) Fails to Find the UserCertificate;binary: Attribute Value. (Doc ID 1553759.1)

Last updated on JUNE 30, 2017

Applies to:

Oracle Virtual Directory - Version 11.1.1.0 and later
Advanced Networking Option - Version 10.2.0.1 and later
Information in this document applies to any platform.

Symptoms

Oracle Virtual Directory (OVD) 11g.

Configured Oracle Virtual Directory for Enterprise User Security (EUS) using SSL authentication using the EUS Adapter wizard, so the EUS metadata/oraclecontext is stored in OVD Local Store Adapters (LSAs) and the user information is on external LDAP directory, such as Sun's.

EUS works for password authentication but would like to have it working with SSL Mutual Authentication (mode 3 SSL or client/server authentication).

The user certificates are in one external LDAP server.  This PKI directory has the user certificate contained in the userCertificate attribute.  The user information and LDAP passwords are on another, separate LDAP server.

A user in the User directory has a different DN then their certificate in the PKI directory.  The User directory has the certificate DN value as an attribute, that can be used to search the PKI directory for the users certificate entry.

Created another adapter for the PKI directory.  Then created a simple join of the PKI directory with the User directory, following the documentation.  The userCertificate value is returned in the result from a search for a user.

Used this joined result for the EUS login, but when trying to use EUS SSL authentication, it fails to find the userCertificate;binary: attribute value.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms