> My belief at this point is that Oracle is only sending the client
> certificate to browser (IE) based clients. That would explain the problem. I
> have created an Oracle TAR, to see if this is an Oracle problem.
>
Dale,
This assumption can be easily tested. The only way the target web server
can tell IE from other agents is by the User-Agent request header.
Try setting the user agent header to something like that and see if that
makes any difference.
GetMethod httpget = new GetMethod("/");
httpget.setRequestHeader("User-Agent",
"Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)");
This can also be a problem with the Sum implementation of JSSE, which
for whatever reason ignores the client certificate request issued by the
Oracle single signon server. Consider trying alternative JSSE
implementations such as IBM JSSE or IAIK iSaSiLk. Likewise, it may also
be a bug in the Oracle SSL library. Do you know exactly what SSL
implementation Oracle single signon server employs? It is based on
OpenSSL or some proprietary stuff?
Hope this helps
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
