My Oracle Support Banner

WebCenter Portal Cannot Connect To Discussion Server Shows Error "Web service authentication failed. javax.security.auth.login.LoginException: Security Exception" (Doc ID 1433491.1)

Last updated on JULY 02, 2023

Applies to:

Oracle WebCenter Portal - Version 11.1.1.4.0 to 11.1.1.8.4 [Release 11g]
Oracle Platform Security for Java - Version 11.1.1.4.0 to 11.1.1.7.0 [Release Oracle11g]
Information in this document applies to any platform.

Symptoms

When attempting to view the Discussions service administration section through Spaces Administration (Administration=>Configuration=>Services) an error similar to the below is thrown in the UI and Discussions and Spaces logs (full log text follows):

<Feb 14, 2012 11:32:56 AM EST> <Error> <oracle.wsm.resources.security> <WSM-00008> <Web service authentication failed.
javax.security.auth.login.LoginException: Security Exception
.
.
<Feb 14, 2012 11:32:57 AM EST> <Error> <oracle.webservices.service> <OWS-04086> <oracle.fabric.common.PolicyEnforcementException: FailedAuthentication : The security token cannot be authenticated.


Full exception message:

<Feb 14, 2012 11:32:56 AM EST> <Error> <oracle.wsm.resources.security> <WSM-00008> <Web service authentication failed.
javax.security.auth.login.LoginException: Security Exception
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:856)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
at oracle.wsm.security.jps.JpsManager.authenticate(JpsManager.java:234)
at oracle.wsm.security.jps.JpsManager.samlAuthenticate(JpsManager.java:374)
at oracle.wsm.security.policy.scenario.processor.WssSaml11TokenProcessor.authenticateSamlToken(WssSaml11TokenProcessor.java:274)
at oracle.wsm.security.policy.scenario.processor.WssSaml11TokenProcessor.authenticate(WssSaml11TokenProcessor.java:199)
at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor.verify(WssSamlTokenProcessor.java:534)
at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor.verify(WssSamlTokenProcessor.java:508)
at oracle.wsm.security.policy.scenario.executor.Wss10SamlTokenScenarioExecutor.receiveRequest(Wss10SamlTokenScenarioExecutor.java:134)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:596)
at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:666)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:342)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:289)
at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:102)
at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:975)
at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:460)
at oracle.fabric.common.BindingSecurityInterceptor.processRequest(BindingSecurityInterceptor.java:94)
at oracle.integration.platform.common.InterceptorChainImpl.processRequest(InterceptorChainImpl.java:105)
at oracle.integration.platform.common.mgmt.InterceptorChainManager.processRequest(InterceptorChainManager.java:235)
at oracle.j2ee.ws.server.mgmt.runtime.SuperServerInterceptorPipeline.handleRequest(SuperServerInterceptorPipeline.java:155)
at oracle.j2ee.ws.server.provider.management.AbstractProviderInterceptorPipeline.executeRequestInterceptorChain(AbstractProviderInterceptorPipeline.java:563)
at oracle.j2ee.ws.server.provider.ProviderProcessor.executeInterceptorRequestChain(ProviderProcessor.java:921)
at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:230)
at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:192)
at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:484)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.opensymphony.webwork.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:189)
at com.jivesoftware.base.action.util.JiveFilterDispatcher.doFilter(JiveFilterDispatcher.java:68)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.jivesoftware.base.util.webwork.JiveActionContextCleanUp.doFilter(JiveActionContextCleanUp.java:38)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused By: java.lang.SecurityException
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:857)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
at oracle.wsm.security.jps.JpsManager.authenticate(JpsManager.java:234)
at oracle.wsm.security.jps.JpsManager.samlAuthenticate(JpsManager.java:374)
at oracle.wsm.security.policy.scenario.processor.WssSaml11TokenProcessor.authenticateSamlToken(WssSaml11TokenProcessor.java:274)
at oracle.wsm.security.policy.scenario.processor.WssSaml11TokenProcessor.authenticate(WssSaml11TokenProcessor.java:199)
at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor.verify(WssSamlTokenProcessor.java:534)
at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor.verify(WssSamlTokenProcessor.java:508)
at oracle.wsm.security.policy.scenario.executor.Wss10SamlTokenScenarioExecutor.receiveRequest(Wss10SamlTokenScenarioExecutor.java:134)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:596)
at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:666)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:342)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:289)
at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:102)
at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:975)
at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:460)
at oracle.fabric.common.BindingSecurityInterceptor.processRequest(BindingSecurityInterceptor.java:94)
at oracle.integration.platform.common.InterceptorChainImpl.processRequest(InterceptorChainImpl.java:105)
at oracle.integration.platform.common.mgmt.InterceptorChainManager.processRequest(InterceptorChainManager.java:235)
at oracle.j2ee.ws.server.mgmt.runtime.SuperServerInterceptorPipeline.handleRequest(SuperServerInterceptorPipeline.java:155)
at oracle.j2ee.ws.server.provider.management.AbstractProviderInterceptorPipeline.executeRequestInterceptorChain(AbstractProviderInterceptorPipeline.java:563)
at oracle.j2ee.ws.server.provider.ProviderProcessor.executeInterceptorRequestChain(ProviderProcessor.java:921)
at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:230)
at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:192)
at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:484)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.opensymphony.webwork.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:189)
at com.jivesoftware.base.action.util.JiveFilterDispatcher.doFilter(JiveFilterDispatcher.java:68)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.jivesoftware.base.util.webwork.JiveActionContextCleanUp.doFilter(JiveActionContextCleanUp.java:38)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>
<Feb 14, 2012 11:32:56 AM EST> <Error> <oracle.wsm.resources.security> <WSM-00006> <Error in receiving the request: oracle.wsm.security.SecurityException: WSM-00008 : Web service authentication failed..>
<Feb 14, 2012 11:32:56 AM EST> <Error> <oracle.wsm.resources.enforcement> <WSM-07607> <Failure in execution of assertion {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss10-saml-token executor class oracle.wsm.security.policy.scenario.executor.Wss10SamlTokenScenarioExecutor.>
<Feb 14, 2012 11:32:56 AM EST> <Error> <oracle.wsm.resources.enforcement> <WSM-07602> <Failure in WS-Policy Execution due to exception.>
<Feb 14, 2012 11:32:56 AM EST> <Error> <oracle.wsm.resources.enforcement> <WSM-07501> <Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.service, application=owc_discussions_11.1.1.4.0, composite=null, modelObj=OWCDiscussionsServiceAuthenticated, policy=oracle/wss10_saml_token_service_policy, policyVersion=3, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss10-saml-token.>
<Feb 14, 2012 11:32:57 AM EST> <Error> <oracle.webservices.service> <OWS-04086> <oracle.fabric.common.PolicyEnforcementException: FailedAuthentication : The security token cannot be authenticated.
at oracle.fabric.common.AbstractSecurityInterceptor.processResult(AbstractSecurityInterceptor.java:235)
at oracle.fabric.common.BindingSecurityInterceptor.processRequest(BindingSecurityInterceptor.java:95)
at oracle.integration.platform.common.InterceptorChainImpl.processRequest(InterceptorChainImpl.java:105)
at oracle.integration.platform.common.mgmt.InterceptorChainManager.processRequest(InterceptorChainManager.java:235)
at oracle.j2ee.ws.server.mgmt.runtime.SuperServerInterceptorPipeline.handleRequest(SuperServerInterceptorPipeline.java:155)
at oracle.j2ee.ws.server.provider.management.AbstractProviderInterceptorPipeline.executeRequestInterceptorChain(AbstractProviderInterceptorPipeline.java:563)
at oracle.j2ee.ws.server.provider.ProviderProcessor.executeInterceptorRequestChain(ProviderProcessor.java:921)
at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:230)
at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:192)
at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:484)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.opensymphony.webwork.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:189)
at com.jivesoftware.base.action.util.JiveFilterDispatcher.doFilter(JiveFilterDispatcher.java:68)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.jivesoftware.base.util.webwork.JiveActionContextCleanUp.doFilter(JiveActionContextCleanUp.java:38)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused by: oracle.wsm.common.sdk.WSMException: FailedAuthentication : The security token cannot be authenticated.
at oracle.wsm.security.policy.scenario.executor.Wss10SamlTokenScenarioExecutor.receiveRequest(Wss10SamlTokenScenarioExecutor.java:153)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:596)
at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:666)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:342)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:289)
at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:102)
at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:975)
at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:460)
at oracle.fabric.common.BindingSecurityInterceptor.processRequest(BindingSecurityInterceptor.java:94)
... 38 more
Caused by: oracle.wsm.security.SecurityException: WSM-00008 : Web service authentication failed.
at oracle.wsm.security.jps.JpsManager.authenticate(JpsManager.java:239)
at oracle.wsm.security.jps.JpsManager.samlAuthenticate(JpsManager.java:374)
at oracle.wsm.security.policy.scenario.processor.WssSaml11TokenProcessor.authenticateSamlToken(WssSaml11TokenProcessor.java:274)
at oracle.wsm.security.policy.scenario.processor.WssSaml11TokenProcessor.authenticate(WssSaml11TokenProcessor.java:199)
at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor.verify(WssSamlTokenProcessor.java:534)
at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor.verify(WssSamlTokenProcessor.java:508)
at oracle.wsm.security.policy.scenario.executor.Wss10SamlTokenScenarioExecutor.receiveRequest(Wss10SamlTokenScenarioExecutor.java:134)
... 47 more
Caused by: javax.security.auth.login.LoginException: Security Exception
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:856)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
at oracle.wsm.security.jps.JpsManager.authenticate(JpsManager.java:234)
... 53 more
Caused by: java.lang.SecurityException
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:857)
... 58 more
>


This occurs even after confirming the proper settings for WebLogic Domain, Spaces and Discussions Server administrator user configuration, Web Service policy settings, and Domain authentication provider settings.

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.