My Oracle Support Banner

"javax.xml.ws.soap.SOAPFaultException: FailedAuthentication : The security token cannot be authenticated" Using The OWSM "oracle/wss10_x509_token_with_message_protection_client_policy" Policy (Doc ID 1504429.1)

Last updated on JULY 28, 2017

Applies to:

Oracle Web Services Manager - Version 11.1.1.4.0 and later
Information in this document applies to any platform.
***Checked for relevance on 11-Apr-2014***

Symptoms

There is a web service protected by "oracle/wss10_x509_token_with_message_protection_service_policy" on a SOA installation.
Based on this web service, it was created a web service proxy client using JDeveloper with the next section of code:

...
        SecurityPoliciesFeature securityFeatures = new SecurityPoliciesFeature(new String[] { "oracle/wss10_x509_token_with_message_protection_client_policy" });
        HelloService helloService = helloService_Service.getHelloServicePort(securityFeatures);
        // Add your code to call the desired methods.
        
        ((BindingProvider)helloService).getRequestContext().put(SecurityConstants.ClientConstants.WSS_KEYSTORE_LOCATION, "D:\\owsm\\pc2\\soa6a_domain\\client_keystore.jks");
        ((BindingProvider)helloService).getRequestContext().put(SecurityConstants.ClientConstants.WSS_KEYSTORE_PASSWORD, "manager03");
        ((BindingProvider)helloService).getRequestContext().put(SecurityConstants.ClientConstants.WSS_KEYSTORE_TYPE, "JKS");

        ((BindingProvider)helloService).getRequestContext().put(SecurityConstants.ClientConstants.WSS_SIG_KEY_ALIAS, "webservice");
        ((BindingProvider)helloService).getRequestContext().put(SecurityConstants.ClientConstants.WSS_SIG_KEY_PASSWORD, "manager03");

        ((BindingProvider)helloService).getRequestContext().put(SecurityConstants.ClientConstants.WSS_ENC_KEY_ALIAS, "webservice");
        ((BindingProvider)helloService).getRequestContext().put(SecurityConstants.ClientConstants.WSS_ENC_KEY_PASSWORD, "manager03");
        ((BindingProvider)helloService).getRequestContext().put(SecurityConstants.ClientConstants.WSS_RECIPIENT_KEY_ALIAS, "webservice");
        
        System.out.println(helloService.sayHello("Miguel"));
...

 
When the class is executed, then next error is reported in the log:

SEVERE: WSM-00279 The following Fault Message is received at the client side from the service:-
FailedAuthentication : The security token cannot be authenticated..

The client side policy is:-
oracle/wss10_x509_token_with_message_protection_client_policy.

The service endpoint url is:-
null.

Keystore properties:-
...
], oracle.integration.platform.common.subject=Subject:
}.
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: FailedAuthentication : The security token cannot be authenticated.
    at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:197)
    at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:130)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:125)
    at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:95)
    at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:136)
    at $Proxy34.sayHello(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.wsee.jaxws.spi.ClientInstanceInvocationHandler.invoke(ClientInstanceInvocationHandler.java:84)
    at $Proxy35.sayHello(Unknown Source)
    at owsm.sample.x509.HelloServicePortClient.main(HelloServicePortClient.java:38)
Caused by: javax.xml.ws.soap.SOAPFaultException: FailedAuthentication : The security token cannot be authenticated.
    at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:231)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:866)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:815)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:778)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:680)
    at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:403)
    at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:539)
    at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:253)
    at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:140)
    at weblogic.wsee.jaxws.WLSServletAdapter.handle(WLSServletAdapter.java:171)
    at weblogic.wsee.jaxws.HttpServletAdapter$AuthorizedInvoke.run(HttpServletAdapter.java:708)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
    at weblogic.wsee.util.ServerSecurityHelper.authenticatedInvoke(ServerSecurityHelper.java:103)
    at weblogic.wsee.jaxws.HttpServletAdapter$3.run(HttpServletAdapter.java:311)
    at weblogic.wsee.jaxws.HttpServletAdapter.post(HttpServletAdapter.java:336)
    at weblogic.wsee.jaxws.JAXWSServlet.doRequest(JAXWSServlet.java:99)
    at weblogic.servlet.http.AbstractAsyncServlet.service(AbstractAsyncServlet.java:99)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
    at java.security.AccessController.doPrivileged(Native Method)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
    at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Process exited with exit code 1.

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.