Configuring specific authentication schemes on the Web Agent on an Oracle HTTP Server requires specific SSLVerifyClient settings.
search cancel

Configuring specific authentication schemes on the Web Agent on an Oracle HTTP Server requires specific SSLVerifyClient settings.

book

Article ID: 45106

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Issue/Problem/Symptoms: 

Configuring specific authentication schemes on the Web Agent on an Oracle HTTP Server requires specific SSLVerifyClient settings.

When configuring various Cert based authentication schemes, no error is encountered, however the authentication schemes may fail to function.

 

Environment

Release: Applicable to all Agents
Component: SMAPC

 

Cause

The Single Sign-On Web Agent on the Oracle HTTP Server may have the SSLVerifyClient directive in the httpd.conf configured incorrectly depending on the authentication scheme used.

The SSLClientAuth directive sets the mode of the client authentication. Valid values are none, optional, or required.

None – (default) no client certificate will be requested

Optional – client certificate is requested but not required

Required – valid client certificate is required

 

When using ‘Cert or Basic’ or the ‘Cert of Form’ authentication schemes, SSLVerifyClient needs to be set to “optional”.

When using ‘Client Cert Only’, ‘Client Cert and Basic’, or ‘Client Cert and Form’ authentication schemes, SSLVerifyClient needs to be set to “required”.

 

*Note - make sure the value is spelled "required" and not "require"

Resolution

  1. Change the value of the SSLVerifyClient directive from within the httpd.conf used by the Oracle HTTP Server to the necessary value:
  2. SSLVerifyClient optional
  3. SSLVerifyClient required
  4. Restart the web server to apply the change.
Powered by Wolken Software