Certificate Generated for SAMLSSO Configuration is Valid Only for 90 Days (Doc ID 1082081.1)

Last updated on NOVEMBER 22, 2016

Applies to:

Oracle WebCenter - Version: 11.1.1.2.0 to 11.1.1.2.0
This problem can occur on any platform.

Symptoms


The certificate created using "keytool" as explained in the documentation below is only valid for 90 days. This is the default setting.

Oracle Fusion Middleware Administrator's Guide for Oracle WebCenter 11g Release 1 (11.1.1)
Part Number E12405-05
23.7.3 Configuring SAML-based Single Sign-on
23.7.3.2.2 Generating and Registering Certificates

When a certificate expires, the following symptoms are observed:

When groups are added as members of a group space, the individual users of each group are consistently added instead of the group itself.

This is accompanied by the following errors in spaces-diagnostic.log:
[2010-04-15T10:30:14.562+03:00] [WLS_Spaces] [TRACE] []
[oracle.webcenter.security.common.SecurityHelper] [tid:
[STUCK].ExecuteThread: '4' for queue: 'weblogic.kernel.Default
(self-tuning)'] [userId: portaladmin] [ecid:
0000IW0B86C5Uc_5xRCCyW1BlUsl00001L,0] [SRC_CLASS:
oracle.webcenter.security.common.SecurityHelper] [APP: webcenter]
[SRC_METHOD: checkPermissionForPrincipal]
checkPermissionForPrincipalChecking permission for permissionObject
oracle.webcenter.peopleconnections.profile.security.ProfilePermission//oracle
/webcenter/peopleconnections/profile/s8bba98ff_4cbb_40b8_beee_296c916a23ed/.*
/view
[2010-04-15T10:30:14.584+03:00] [WLS_Spaces] [NOTIFICATION] []
[oracle.webcenter.spaces] [tid: [STUCK].ExecuteThread: '4' for queue:
'weblogic.kernel.Default (self-tuning)'] [userId: portaladmin] [ecid:
0000IW0B86C5Uc_5xRCCyW1BlUsl00001L,0]
[2010-04-15T10:30:14.588+03:00] [WLS_Spaces] [NOTIFICATION] []
[oracle.webcenter.webcenterapp] [tid: [STUCK].ExecuteThread: '4' for queue:
'weblogic.kernel.Default (self-tuning)'] [userId: portaladmin] [ecid:
0000IW0B86C5Uc_5xRCCyW1BlUsl00001L,0] [APP: webcenter] The following
identity :WEBSite is a WLS group
[2010-04-15T10:30:14.591+03:00] [WLS_Spaces] [TRACE] []
[oracle.webcenter.security.rolemapping.RoleManager] [tid:
[STUCK].ExecuteThread: '4' for queue: 'weblogic.kernel.Default
(self-tuning)'] [userId: portaladmin] [ecid:
0000IW0B86C5Uc_5xRCCyW1BlUsl00001L,0] [SRC_CLASS:
oracle.webcenter.security.rolemapping.RoleManager] [APP: webcenter]
[SRC_METHOD: isEnterpriseRoleMappingSupported] returning roleMappingEnabled
value from app scoped map as: false
[2010-04-15T10:30:14.592+03:00] [WLS_Spaces] [NOTIFICATION] []
[oracle.webcenter.webcenterapp] [tid: [STUCK].ExecuteThread: '4' for queue:
'weblogic.kernel.Default (self-tuning)'] [userId: portaladmin] [ecid:
0000IW0B86C5Uc_5xRCCyW1BlUsl00001L,0] [APP: webcenter] Group shredding is
enabled, so adding users for group :WEBSite

The following is reported in WLS_Services.log at the time of group shredding:
(...)
[2010-04-16T11:02:32.184+03:00] [WLS_Services] [ERROR] []
[org.codehaus.xfire.security.wss4j.WSS4JInHandler] [tid:
[ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default
(self-tuning)'] [ecid: 004X5O8YZLh5Uc_5xRCCyW0007ze0000HM,0:1] [APP:
owc_discussions#11.1.1.2.0] [URI:
/owc_discussions/custom/rpc/soap/ProfileService]
org.apache.ws.security.WSSecurityException: The signature verification failed
(The provided certificate is invalid)

[2010-04-16T11:02:41.815+03:00] [WLS_Services] [ERROR] []
[org.codehaus.xfire.security.wss4j.WSS4JInHandler] [tid:
[ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default
(self-tuning)'] [ecid: 004X5O97Hv05Uc_5xRCCyW0007ze0000I5,0:1] [APP:
owc_discussions#11.1.1.2.0] [URI:
/owc_discussions/custom/rpc/soap/ProfileService]
org.apache.ws.security.WSSecurityException: The signature verification failed
(The provided certificate is invalid)

[2010-04-16T11:03:59.519+03:00] [WLS_Services] [ERROR] []
[org.codehaus.xfire.security.wss4j.WSS4JInHandler] [tid:
[ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default
(self-tuning)'] [ecid: 004X5ODjh3d5Uc_5xRCCyW0007ze0000Iv,0:1] [APP:
owc_discussions#11.1.1.2.0] [URI:
/owc_discussions/custom/rpc/soap/ProfileService]
org.apache.ws.security.WSSecurityException: The signature verification failed
(The provided certificate is invalid)

[2010-04-16T11:04:00.756+03:00] [WLS_Services] [ERROR] []
[org.codehaus.xfire.security.wss4j.WSS4JInHandler] [tid:
[ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default
(self-tuning)'] [ecid: 004X5ODoRZY5Uc_5xRCCyW0007ze0000Iw,0:1] [APP:
owc_discussions#11.1.1.2.0] [URI:
/owc_discussions/custom/rpc/soap/ProfileService]
org.apache.ws.security.WSSecurityException: The signature verification failed
(The provided certificate is invalid)

[2010-04-16T11:04:00.847+03:00] [WLS_Services] [ERROR] []
[org.codehaus.xfire.security.wss4j.WSS4JInHandler] [tid:
[ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default
(self-tuning)'] [ecid: 004X5ODon5_5Uc_5xRCCyW0007ze0000Ix,0:1] [APP:
owc_discussions#11.1.1.2.0] [URI:
/owc_discussions/custom/rpc/soap/ProfileService]
org.apache.ws.security.WSSecurityException: The signature verification failed
(The provided certificate is invalid)

[2010-04-16T11:04:01.879+03:00] [WLS_Services] [ERROR] []
[org.codehaus.xfire.security.wss4j.WSS4JInHandler] [tid:
[ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default
(self-tuning)'] [ecid: 004X5ODshLj5Uc_5xRCCyW0007ze0000Iy,0:1] [APP:
owc_discussions#11.1.1.2.0] [URI:
/owc_discussions/custom/rpc/soap/ProfileService]
org.apache.ws.security.WSSecurityException: The signature verification failed
(The provided certificate is invalid)

(...)
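
A log check for this symptom, added here as an example (not Oracle's code): it re-joins the wrapped log entries and reports the WSS4JInHandler "provided certificate is invalid" errors shown above. The function names and the sample log are constructed; the generation-date bound assumes the certificate kept the 90-day default and that the log reaches back to the first failure.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
# Constructed sample in the wrapped layout shown above (tid values are placeholders).
SAMPLE_LOG = """\
[2010-04-16T11:02:30.000+03:00] [WLS_Services] [NOTIFICATION] [] [oracle.webcenter.webcenterapp] filler
[2010-04-16T11:02:32.184+03:00] [WLS_Services] [ERROR] []
[org.codehaus.xfire.security.wss4j.WSS4JInHandler] [tid: constructed-1]
[APP: owc_discussions#11.1.1.2.0] [URI:
/owc_discussions/custom/rpc/soap/ProfileService]
org.apache.ws.security.WSSecurityException: The signature verification failed
(The provided certificate is invalid)
[2010-04-16T11:02:41.815+03:00] [WLS_Services] [ERROR] []
[org.codehaus.xfire.security.wss4j.WSS4JInHandler] [tid: constructed-2]
[APP: owc_discussions#11.1.1.2.0] [URI: /owc_discussions/custom/rpc/soap/ProfileService]
org.apache.ws.security.WSSecurityException: The signature verification failed
(The provided certificate is invalid)
"""
START = re.compile(r"^\[\d{4}-\d{2}-\d{2}T")
HEAD = re.compile(r"^\[([^\]]+)\] \[([^\]]*)\] \[([^\]]*)\] \[([^\]]*)\] \[([^\]]*)\]")
URI = re.compile(r"\[URI:\s*([^\]]+)\]")
HANDLER = "org.codehaus.xfire.security.wss4j.WSS4JInHandler"
NEEDLE = "The provided certificate is invalid"

def records(text):
    current = []  # lines of the entry being re-joined
    for line in map(str.strip, text.splitlines()):
        if START.match(line) and current:
            yield " ".join(current)
            current = []
        if line and (current or START.match(line)):
            current.append(line)
    if current:
        yield " ".join(current)

def signature_failures(text, validity_days=90):
    """Summarise WSS4J 'certificate is invalid' errors; None if there are none."""
    hits = []
    for rec in records(text):
        head = HEAD.match(rec)
        if head and head.group(3) == "ERROR" and head.group(5) == HANDLER and NEEDLE in rec:
            uri = URI.search(rec)
            hits.append((datetime.fromisoformat(head.group(1)), uri.group(1) if uri else "?"))
    if not hits:
        return None
    first = min(ts for ts, _ in hits)
    # If the certificate kept keytool's 90-day default, it was generated no later than this.
    return {"count": len(hits), "first_seen": first, "by_uri": Counter(u for _, u in hits),
            "generated_no_later_than": first - timedelta(days=validity_days)}
```

Comparing generated_no_later_than with the date the SAML SSO certificates were registered helps confirm that expiry, rather than a mismatched key, is behind the errors.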

Cause
