My Oracle Support Banner

Certificate Generated for SAMLSSO Configuration is Valid Only for 90 Days (Doc ID 1082081.1)

Last updated on FEBRUARY 27, 2019

Applies to:

Oracle WebCenter Portal - Version 11.1.1.2.0 to 11.1.1.2.0 [Release 11g]
Information in this document applies to any platform.

Symptoms


The certificate created using "keytool" as explained in the documentation below is only valid for 90 days. This is the default setting.

Oracle Fusion Middleware Administrator's Guide for Oracle WebCenter 11g Release 1 (11.1.1)
Part Number E12405-05
23.7.3 Configuring SAML-based Single Sign-on
23.7.3.2.2 Generating and Registering Certificates


When a certificate expires, following symptoms are observed:

When trying to add groups as members to a group space, consistently, instead of the group, the users of the particular group are added.

This is accompanied by the following errors in spaces-diagnostic.log:

[2010-04-15T10:30:14.562+03:00] [WLS_Spaces] [TRACE] []
[oracle.webcenter.security.common.SecurityHelper] [tid:
[STUCK].ExecuteThread: '4' for queue: 'weblogic.kernel.Default
(self-tuning)'] [userId: <USER>] [ecid: <ECID>] [SRC_CLASS:
oracle.webcenter.security.common.SecurityHelper] [APP: webcenter]
[SRC_METHOD: checkPermissionForPrincipal]
checkPermissionForPrincipalChecking permission for permissionObject
oracle.webcenter.peopleconnections.profile.security.ProfilePermission//oracle
/webcenter/peopleconnections/profile/s8bba98ff_4cbb_40b8_beee_296c916a23ed/.*
/view
[2010-04-15T10:30:14.584+03:00] [WLS_Spaces] [NOTIFICATION] []
[oracle.webcenter.spaces] [tid: [STUCK].ExecuteThread: '4' for queue:
'weblogic.kernel.Default (self-tuning)'] [userId: <USER>] [ecid:<ECID>]
[2010-04-15T10:30:14.588+03:00] [WLS_Spaces] [NOTIFICATION] []
[oracle.webcenter.webcenterapp] [tid: [STUCK].ExecuteThread: '4' for queue:
'weblogic.kernel.Default (self-tuning)'] [userId: <USER>] [ecid:<ECID>] [APP: webcenter] The following
identity :<GROUP_NAME> is a WLS group
[2010-04-15T10:30:14.591+03:00] [WLS_Spaces] [TRACE] []
[oracle.webcenter.security.rolemapping.RoleManager] [tid:
[STUCK].ExecuteThread: '4' for queue: 'weblogic.kernel.Default
(self-tuning)'] [userId: <USER>] [ecid:<ECID>] [SRC_CLASS:
oracle.webcenter.security.rolemapping.RoleManager] [APP: webcenter]
[SRC_METHOD: isEnterpriseRoleMappingSupported] returning roleMappingEnabled
value from app scoped map as: false
[2010-04-15T10:30:14.592+03:00] [WLS_Spaces] [NOTIFICATION] []
[oracle.webcenter.webcenterapp] [tid: [STUCK].ExecuteThread: '4' for queue:
'weblogic.kernel.Default (self-tuning)'] [userId: <USER>] [ecid:<ECID>] [APP: webcenter] Group shredding is
enabled, so adding users for group :<GROUP_NAME>


Following is reported in the WLS_Services.log at the time of group shredding:

(...)
[2010-04-16T11:02:32.184+03:00] [WLS_Services] [ERROR] []
[org.codehaus.xfire.security.wss4j.WSS4JInHandler] [tid:
[ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default
(self-tuning)'] [ecid: <ECID>] [APP:
owc_discussions#11.1.1.2.0] [URI:
/owc_discussions/custom/rpc/soap/ProfileService]
org.apache.ws.security.WSSecurityException: The signature verification failed
(The provided certificate is invalid)

[2010-04-16T11:02:41.815+03:00] [WLS_Services] [ERROR] []
[org.codehaus.xfire.security.wss4j.WSS4JInHandler] [tid:
[ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default
(self-tuning)'] [ecid: <ECID>] [APP:
owc_discussions#11.1.1.2.0] [URI:
/owc_discussions/custom/rpc/soap/ProfileService]
org.apache.ws.security.WSSecurityException: The signature verification failed
(The provided certificate is invalid)

[2010-04-16T11:03:59.519+03:00] [WLS_Services] [ERROR] []
[org.codehaus.xfire.security.wss4j.WSS4JInHandler] [tid:
[ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default
(self-tuning)'] [ecid: <ECID>] [APP:
owc_discussions#11.1.1.2.0] [URI:
/owc_discussions/custom/rpc/soap/ProfileService]
org.apache.ws.security.WSSecurityException: The signature verification failed
(The provided certificate is invalid)

[2010-04-16T11:04:00.756+03:00] [WLS_Services] [ERROR] []
[org.codehaus.xfire.security.wss4j.WSS4JInHandler] [tid:
[ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default
(self-tuning)'] [ecid: <ECID>] [APP:
owc_discussions#11.1.1.2.0] [URI:
/owc_discussions/custom/rpc/soap/ProfileService]
org.apache.ws.security.WSSecurityException: The signature verification failed
(The provided certificate is invalid)

[2010-04-16T11:04:00.847+03:00] [WLS_Services] [ERROR] []
[org.codehaus.xfire.security.wss4j.WSS4JInHandler] [tid:
[ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default
(self-tuning)'] [ecid: <ECID>] [APP:
owc_discussions#11.1.1.2.0] [URI:
/owc_discussions/custom/rpc/soap/ProfileService]
org.apache.ws.security.WSSecurityException: The signature verification failed
(The provided certificate is invalid)

[2010-04-16T11:04:01.879+03:00] [WLS_Services] [ERROR] []
[org.codehaus.xfire.security.wss4j.WSS4JInHandler] [tid:
[ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default
(self-tuning)'] [ecid: <ECID>] [APP:
owc_discussions#11.1.1.2.0] [URI:
/owc_discussions/custom/rpc/soap/ProfileService]
org.apache.ws.security.WSSecurityException: The signature verification failed
(The provided certificate is invalid)

(...)

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.