Thursday, June 30, 2011

Error - No certificates found in the LDAP directory

Our organization recently upgraded its PKI environment, and our secure web services stopped working with the following error message:

Failed to derive subject from
token.javax.security.auth.login.LoginException:
[Security:090377]Identity Assertion Failed,
weblogic.security.spi.IdentityAssertionException:
[Security:090377]Identity Assertion Failed,
weblogic.security.spi.IdentityAssertionException: [Security:090833]No certificates found in the LDAP directory.

We enabled security tracing by adding the following parameters to the WebLogic Server startup script: "-Dweblogic.security.verbose=* -Djava.security.verbose=* -Dweblogic.wsee.verbose=*"
The log showed that encryption and signature validation passed successfully and that the error occurred right after those validations.

Then we enabled WebLogic Server debugging for security and traced the LDAP lookup query. It turned out that our LDAP X509 Identity Assertion Provider in WebLogic was configured to expect "userCertificate;binary", which seems not to be supported by our new PKI environment.

After changing "userCertificate;binary" to "userCertificate", the secure web services worked again.
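
A quick way to confirm this kind of mismatch before touching the provider setting is to export the user's entry as LDIF (for example with `ldapsearch -LLL`) and check under which attribute description the certificate comes back. The script below is an added example, not code from the original post or from WebLogic; the entry DN, the sample bytes and the function names are constructed for illustration.

```python
import base64

# Constructed sample: DER-like bytes (0x30 = SEQUENCE tag), not a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + b"constructed, not a real certificate"
_B64 = base64.b64encode(SAMPLE_DER).decode()

def make_ldif(attr):
    """Build a constructed LDIF entry with a folded base64 value, as an export would."""
    return ("dn: cn=svc-client,dc=example,dc=org\n"
            "cn: svc-client\n"
            f"{attr}:: {_B64[:20]}\n {_B64[20:]}\n")

def cert_attributes(ldif):
    """Map each certificate attribute description, as the server sent it, to its values."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold an LDIF continuation line
        else:
            lines.append(raw)
    found = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep or name.split(";")[0].lower() != "usercertificate":
            continue
        # "::" marks a base64 value; a single ":" is a plain string value.
        data = base64.b64decode(value[1:].strip()) if value.startswith(":") else value.strip().encode()
        found.setdefault(name, []).append(data)
    return found

def check_provider_attribute(ldif, configured):
    """Return (matches, names_returned) for the attribute the provider is set to read."""
    returned = cert_attributes(ldif)
    matches = any(n.lower() == configured.lower() and all(v[:1] == b"\x30" for v in vals)
                  for n, vals in returned.items())
    return matches, sorted(returned)

if __name__ == "__main__":
    for label, attr in (("old PKI", "userCertificate;binary"), ("new PKI", "userCertificate")):
        ok, names = check_provider_attribute(make_ldif(attr), "userCertificate;binary")
        print(f"{label}: directory returned {names}; provider setting matches: {ok}")
```

A `False` result for the configured name, with the certificate present under the other description, is the situation that produced the 090833 error described above.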

