Issue/Problem/Symptoms:
Configuring specific authentication schemes on the Web Agent on an Oracle HTTP Server requires specific SSLVerifyClient settings.
When configuring various Cert based authentication schemes, no error is encountered, however the authentication schemes may fail to function.
Release: Applicable to all Agents
Component: SMAPC
The Single Sign-On Web Agent on the Oracle HTTP Server may have the SSLVerifyClient directive in the httpd.conf configured incorrectly depending on the authentication scheme used.
The SSLClientAuth directive sets the mode of the client authentication. Valid values are none, optional, or required.
None – (default) no client certificate will be requested
Optional – client certificate is requested but not required
Required – valid client certificate is required
When using ‘Cert or Basic’ or the ‘Cert of Form’ authentication schemes, SSLVerifyClient needs to be set to “optional”.
When using ‘Client Cert Only’, ‘Client Cert and Basic’, or ‘Client Cert and Form’ authentication schemes, SSLVerifyClient needs to be set to “required”.
*Note - make sure the value is spelled "required" and not "require"