Security Header Behaviour Change After Upgrade From Weblogic 9.2 To Weblogic 11g (Doc ID 1566187.1)

Last updated on JUNE 09, 2016

Applies to:

Oracle Weblogic Server - Version 10.3.5 to 12.1.1.0
Information in this document applies to any platform.

Symptoms

After upgrading from WebLogic 9.2 to WebLogic 10.3.6, many consumers' web service requests are rejected by the container. Investigation showed that secure SOAP messages that worked in WebLogic 9.2 fail in WLS 10.3.6.

Processing request (SoapMessageContext@2375638 <weblogic.wsee.connection.end_point_uri=/ServiceInvocation/ServiceInvocationService> <weblogic.wsee.context_path=/ServiceInvocation> <weblogic.wsee.connection.end_point_address=http://host:port/ServiceInvocation/ServiceInvocationService> })
Processing InterceptionHandler...
Processing WssServerHandler...
tokenType: null, cred: ns1:Assertion, privkey: null<SAMLCredentialImpl.:107>
Class of cred is: class weblogic.xml.saaj.SOAPElementImpl<SAMLCredentialImpl.:108>
Instantiating SAMLAssertionInfoFactory<SAMLCredentialImpl.:113>
Getting SAMLAssertionInfo from DOM Element of CSS<SAMLCredentialImpl.:141>
Got erroron on SAMLAssertionInfo from DOM Element of CSS, msg =[Security:098517]Failed to get SAML assertion info: XML.ParserPool.validate() document validation fails (wrapped: cvc-datatype-valid.1.2.1: '35c861b0-6841-4aaf-9235-92d1cd588d2f' is not a valid value for 'NCName'.).<SAMLCredentialImpl.:152>
set Message called: weblogic.xml.saaj.SOAPMessageImpl@13f00af
set Message called: weblogic.xml.saaj.SOAPMessageImpl@145f12f
Processing WssServerHandler...
Processing InterceptionHandler...
Processing ConnectionHandler...
Webservice invoke failed
weblogic.xml.crypto.wss.WSSecurityException: Unknown exception, internal system processing error.
weblogic.xml.crypto.wss.WSSecurityException: Unknown exception, internal system processing error.
at weblogic.wsee.security.WssHandler.handleRequest(WssHandler.java:95)
at weblogic.wsee.handler.HandlerIterator.handleRequest(HandlerIterator.java:141)
at weblogic.wsee.ws.dispatch.server.ServerDispatcher.dispatch(ServerDispatcher.java:114)
at weblogic.wsee.ws.WsSkel.invoke(WsSkel.java:80)
at weblogic.wsee.server.servlet.SoapProcessor.handlePost(SoapProcessor.java:66)
at weblogic.wsee.server.servlet.SoapProcessor.process(SoapProcessor.java:44)
at weblogic.wsee.server.servlet.BaseWSServlet$AuthorizedInvoke.run(BaseWSServlet.java:285)
at weblogic.wsee.server.servlet.BaseWSServlet.service(BaseWSServlet.java:169)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:184)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3740)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3704)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2281)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2180)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1491)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
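
The validation error in the log above rejects the assertion identifier because it is not a valid NCName: an NCName cannot begin with a digit, and this value begins with '3'. The following check is an added example, not part of the Oracle document or of WebLogic: it scans a captured SOAP message for SAML assertion identifiers that would fail the same NCName test. The sample envelope, the function names and the two SAML namespaces handled are assumptions (the log shows only the prefix ns1:Assertion).

```python
import re
import xml.etree.ElementTree as ET

# NCName = XML 1.0 (Fifth Edition) Name production without ':'.
_START = (r"A-Z_a-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D"
          r"\u037F-\u1FFF\u200C\u200D\u2070-\u218F\u2C00-\u2FEF"
          r"\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\U00010000-\U000EFFFF")
_REST = _START + r"\-.0-9\u00B7\u0300-\u036F\u203F\u2040"
NCNAME = re.compile(f"[{_START}][{_REST}]*")

# Identifier attribute of <Assertion>; xs:ID in the SAML 1.1 and 2.0 schemas.
# Assumption: the failing messages use one of these two namespaces.
ID_ATTR = {
    "{urn:oasis:names:tc:SAML:1.0:assertion}Assertion": "AssertionID",
    "{urn:oasis:names:tc:SAML:2.0:assertion}Assertion": "ID",
}

def is_ncname(value):
    return NCNAME.fullmatch(value) is not None

def invalid_assertion_ids(soap_xml):
    """Return (attribute, value) for each assertion ID that is not an NCName."""
    if "<!DOCTYPE" in soap_xml:  # SOAP forbids DTDs; refuse before parsing
        raise ValueError("DOCTYPE not allowed in a SOAP message")
    bad = []
    for el in ET.fromstring(soap_xml).iter():
        attr = ID_ATTR.get(el.tag)
        if attr is None:
            continue
        value = el.get(attr)
        if value is None or not is_ncname(value):
            bad.append((attr, value))
    return bad

# Constructed sample envelope (not taken from the Oracle document).
_SAMPLE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
   <ns1:Assertion xmlns:ns1="urn:oasis:names:tc:SAML:1.0:assertion"
                  AssertionID="{id}" MajorVersion="1" MinorVersion="1"/>
  </wsse:Security>
 </soapenv:Header>
 <soapenv:Body/>
</soapenv:Envelope>"""

def sample_envelope(assertion_id):
    return _SAMPLE.format(id=assertion_id)
```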

 

Cause
