> My belief at this point is that Oracle is only sending the client > certificate to browser (IE) based clients. That would explain the problem. I > have created an Oracle TAR, to see if this is an Oracle problem. >
Dale, This assumption can be easily tested. The only way the target web server can tell IE from other agents is by the User-Agent request header. Try setting the user agent header to something like that and see if that makes any difference. GetMethod httpget = new GetMethod("/"); httpget.setRequestHeader("User-Agent", "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"); This can also be a problem with the Sum implementation of JSSE, which for whatever reason ignores the client certificate request issued by the Oracle single signon server. Consider trying alternative JSSE implementations such as IBM JSSE or IAIK iSaSiLk. Likewise, it may also be a bug in the Oracle SSL library. Do you know exactly what SSL implementation Oracle single signon server employs? It is based on OpenSSL or some proprietary stuff? Hope this helps Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]