My Oracle Support Banner

WSRP Demo Certificate Expired with CertificateExpiredException, "Security Token Failed to Validate" or "Unable to Add Security Token for Identity" Errors (Doc ID 1587622.1)

Last updated on FEBRUARY 03, 2019

Applies to:

Oracle WebLogic Portal - Version 9.2.0 to 10.3.6 [Release Weblogic Platform to AS10gR3]
Information in this document applies to any platform.

Symptoms

WSRP Portlets stop working due to the following Exceptions on either the Producer or the Consumer.  Note that the exception(s) you see may not be indentical to these exceptions depending on the WebLogic Portal (WLP) version.

Producer Exception:

####<Sep 29, 2013 11:34:53 PM BRT> <Error> <Security> <xxx> <xxx> <[ACTIVE] ExecuteThread: '56' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1380508493583> <BEA-000000> <NotAfter: Sun Sep 29 21:51:52 BRT 2013
java.security.cert.CertificateExpiredException: NotAfter: Sun Sep 29 21:51:52 BRT 2013
       at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:256)
       at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:570)
       at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:543)
       at com.bea.security.saml2.util.SAML2Utils.getVerifyKey(SAML2Utils.java:522)
       at com.bea.security.saml2.service.sso.AuthnRequestValidator.verifySignature(AuthnRequestValidator.java:59)
       at com.bea.security.saml2.service.sso.SSOServiceProcessor.processAuthnRequest(SSOServiceProcessor.java:141)
       at com.bea.security.saml2.service.sso.SingleSignOnServiceImpl.process(SingleSignOnServiceImpl.java:50)
       at com.bea.security.saml2.cssservice.SAML2ServiceImpl.process(SAML2ServiceImpl.java:161)
       at sun.reflect.GeneratedMethodAccessor672.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at com.bea.common.security.utils.ThreadClassLoaderContextInvocationHandler.invoke(ThreadClassLoaderContextInvocationHandler.java:27)
       at $Proxy35.process(Unknown Source)
       at com.bea.security.saml2.servlet.SAML2Servlet.service(SAML2Servlet.java:34)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:821)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3594)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)

 

 

Consumer Exception:

com.bea.wsrp.faults.TransportException: Security token failed to validate. weblogic.xml.crypto.wss.SecurityTokenValidateResult@73118c[status: false][msg The SAML token is not valid.]
at com.bea.wsrp.faults.FaultInstanceFactory.getException(FaultInstanceFactory.java:94)
at com.bea.wsrp.proxy.ProxyBase.raiseFault(ProxyBase.java:768)
at com.bea.wsrp.proxy.ProxyBase.invoke(ProxyBase.java:478)
at $Proxy112.initCookie(Unknown Source)
at com.bea.wsrp.consumer.markup.CookieManager.invoke(CookieManager.java:336)
at com.bea.wsrp.consumer.markup.CookieManager.invoke(CookieManager.java:45)
at com.bea.wsrp.consumer.markup.AbstractMarkupService.invoke(AbstractMarkupService.java:85)
at com.bea.wsrp.consumer.markup.AbstractMarkupService.invoke(AbstractMarkupService.java:68)
at com.bea.wsrp.consumer.markup.AbstractMarkupService.invoke(AbstractMarkupService.java:61)
at com.bea.wsrp.consumer.markup.CookieManager.ensureInitCookies(CookieManager.java:236)
at com.bea.wsrp.consumer.markup.MarkupServicesFacade.ensureInitCookies(MarkupServicesFacade.java:176)
at com.bea.wsrp.consumer.controls.ProxyPortlet.preRender(ProxyPortlet.java:876)
at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:428)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:727)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)\

 

 

The following exception may also be thrown when attempting to register a producer handle in the Portal Admin Tool if the WSRP certificate has expired.

 

Note: This exception can also occur for reasons other than an expired WSRP Demo Certificate (for example, if the logged in Consumer user doesn't exist in the Producer you are registering) so it is not unique to this issue.  If you experience this exception, please make sure it's occurring due to an expired WSRP Demo Certificate before proceeding with the solution in this article.  If you have any questions please open a Service Request (SR) with WLP Support.

 

com.bea.wsrp.faults.OperationFailedException: Remote service invocation failed; nested exception is:
    weblogic.xml.crypto.wss.WSSecurityException: Unable to add security token for identity; nested exception is:
    java.rmi.RemoteException: Remote service invocation failed; nested exception is:
    weblogic.xml.crypto.wss.WSSecurityException: Unable to add security token for identity
    at com.bea.wsrp.proxy.ProxyBase.isOptionSupported(ProxyBase.java:1233)
    at com.bea.wsrp.proxy.ProxyBase.getPreferredVersion(ProxyBase.java:1096)
    at com.bea.wsrp.proxy.ProxyBase.getMaxNSforOperation(ProxyBase.java:1031)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.bea.wsrp.proxy.ProxyBase.invoke(ProxyBase.java:446)
    at $Proxy136.getMaxNSforOperation(Unknown Source)
    at com.bea.wsrp.client.ProducerAgentImpl.getServiceDescription(ProducerAgentImpl.java:107)
    at com.bea.wsrp.client.ProducerAgentImpl.getServiceDescription(ProducerAgentImpl.java:80)
    at com.bea.wsrp.client.ProducerAgentImpl.getServiceDescription(ProducerAgentImpl.java:68)
    at com.bea.wsrp.consumer.management.ProducerManagerImpl.getProducerServiceDescription(ProducerManagerImpl.java:740)
    at com.bea.jsptools.portal.helpers.wsrp.ProducerRegistryControlImpl.getServiceDescription(ProducerRegistryControlImpl.java:206)
    at com.bea.jsptools.portal.helpers.wsrp.ProducerRegistryControlBean.getServiceDescription(ProducerRegistryControlBean.java:135)
    at com.bea.jsptools.portal.helpers.wsrp.AddProducerHelper.getProducerForWsdl(AddProducerHelper.java:758)
    at com.bea.jsptools.portal.helpers.wsrp.AddProducerHelper.access$100(AddProducerHelper.java:63)
    at com.bea.jsptools.portal.helpers.wsrp.AddProducerHelper$FindProducers.producerWsdl(AddProducerHelper.java:261)
    at com.bea.jsptools.portal.helpers.wsrp.AddProducerHelper$FindProducers.run(AddProducerHelper.java:241)
    at portalTools.definitions.portletProducers.wizard.AddProducerWizardController.runAction(AddProducerWizardController.java:628)
    at portalTools.definitions.portletProducers.wizard.AddProducerWizardController.doIfValid(AddProducerWizardController.java:604)
    at portalTools.definitions.portletProducers.wizard.AddProducerWizardController.selectProducerAction(AddProducerWizardController.java:185)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:879)
    at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:809)
    at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:478)
    at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:306)
    at global.internal.AbstractBaseController.internalExecute(AbstractBaseController.java:360)
    at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336)
    at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:52)
    at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
    at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2116)
    at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
    at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
    at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:158)
    at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
    at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1199)
    at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1129)
    at com.bea.portlet.adapter.scopedcontent.framework.internal.PageFlowUtilsBeehiveDelegate.strutsLookupInternal(PageFlowUtilsBeehiveDelegate.java:43)
    at com.bea.portlet.adapter.scopedcontent.framework.PageFlowUtils.strutsLookup(PageFlowUtils.java:108)
    at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:707)
    at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.processActionInternal(ScopedContentCommonSupport.java:141)
    at com.bea.portlet.adapter.scopedcontent.PageFlowStubImpl.processAction(PageFlowStubImpl.java:108)
    at com.bea.portlet.adapter.NetuiActionHandler.raiseScopedAction(NetuiActionHandler.java:111)
    at com.bea.netuix.servlets.controls.content.NetuiContent.raiseScopedAction(NetuiContent.java:181)
    at com.bea.netuix.servlets.controls.content.NetuiContent.raiseScopedAction(NetuiContent.java:167)
    at com.bea.netuix.servlets.controls.content.NetuiContent.handlePostbackData(NetuiContent.java:225)
    at com.bea.netuix.nf.ControlLifecycle$2.visit(ControlLifecycle.java:180)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:324)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:130)
    at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:399)
    at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
    at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:352)
    at com.bea.netuix.nf.Lifecycle.runInbound(Lifecycle.java:184)
    at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:159)
    at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:465)
    at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:291)
    at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:219)
    at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:275)
    at com.bea.netuix.servlets.manager.PortalServlet.service(PortalServlet.java:719)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at com.bea.content.manager.servlets.ContentServletFilter.doFilter(ContentServletFilter.java:178)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at com.bea.p13n.servlets.PortalServletFilter.doFilter(PortalServletFilter.java:336)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at com.bea.portal.tools.servlet.http.HttpContextFilter.doFilter(HttpContextFilter.java:60)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at com.bea.jsptools.servlet.PagedResultServiceFilter.doFilter(PagedResultServiceFilter.java:82)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3592)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: java.rmi.RemoteException: Remote service invocation failed; nested exception is:
    weblogic.xml.crypto.wss.WSSecurityException: Unable to add security token for identity
    at com.bea.wsrp.proxy.ProxyBase.dispatch(ProxyBase.java:696)
    at com.bea.wsrp.proxy.ProxyBase.sendMessage(ProxyBase.java:575)
    at com.bea.wsrp.proxy.ProxyBase.dispatch(ProxyBase.java:710)
    at com.bea.wsrp.proxy.WseeProxy.dispatch(WseeProxy.java:76)
    at com.bea.wsrp.proxy.ProxyBase.invoke(ProxyBase.java:483)
    at com.bea.wsrp.proxy.ProxyBase.isOptionSupported(ProxyBase.java:1211)
    ... 102 more
Caused by: weblogic.xml.crypto.wss.WSSecurityException: Unable to add security token for identity
    at weblogic.wsee.security.wss.SecurityPolicyDriver.processIdentity(SecurityPolicyDriver.java:175)
    at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:73)
    at weblogic.wsee.security.WssClientHandler.processOutbound(WssClientHandler.java:71)
    at weblogic.wsee.security.WssClientHandler.processRequest(WssClientHandler.java:55)
    at weblogic.wsee.security.WssHandler.handleRequest(WssHandler.java:74)
    at weblogic.wsee.handler.HandlerIterator.handleRequest(HandlerIterator.java:141)
    at weblogic.wsee.handler.HandlerIterator.handleRequest(HandlerIterator.java:107)
    at weblogic.wsee.ws.dispatch.client.ClientDispatcher.dispatch(ClientDispatcher.java:132)
    at com.bea.wsrp.proxy.ProxyBase.dispatch(ProxyBase.java:660)
    ... 107 more

 

The Error in the Portal Admin Tool will look something like this:

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
 1. Running the Script for Existing Domains where the WSRP Demo Certificate has Expired
 2. Installing the Patch for New Domain Creation
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.