WSRP Demo Certificate Expired with CertificateExpiredException, "Security Token Failed to Validate" or "Unable to Add Security Token for Identity" Errors (Doc ID 1587622.1)

Last updated on JULY 05, 2017

Applies to:

Oracle WebLogic Portal - Version 9.2.0 to 10.3.6 [Release Weblogic Platform to AS10gR3]
Information in this document applies to any platform.

Symptoms

WSRP Portlets stop working due to the following Exceptions on either the Producer or the Consumer.  Note that the exception(s) you see may not be indentical to these exceptions depending on the WebLogic Portal (WLP) version.

Producer Exception:

####<Sep 29, 2013 11:34:53 PM BRT> <Error> <Security> <xxx> <xxx> <[ACTIVE] ExecuteThread: '56' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1380508493583> <BEA-000000> <NotAfter: Sun Sep 29 21:51:52 BRT 2013
java.security.cert.CertificateExpiredException: NotAfter: Sun Sep 29 21:51:52 BRT 2013
       at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:256)
       at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:570)
       at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:543)
       at com.bea.security.saml2.util.SAML2Utils.getVerifyKey(SAML2Utils.java:522)
       at com.bea.security.saml2.service.sso.AuthnRequestValidator.verifySignature(AuthnRequestValidator.java:59)
       at com.bea.security.saml2.service.sso.SSOServiceProcessor.processAuthnRequest(SSOServiceProcessor.java:141)
       at com.bea.security.saml2.service.sso.SingleSignOnServiceImpl.process(SingleSignOnServiceImpl.java:50)
       at com.bea.security.saml2.cssservice.SAML2ServiceImpl.process(SAML2ServiceImpl.java:161)
       at sun.reflect.GeneratedMethodAccessor672.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at com.bea.common.security.utils.ThreadClassLoaderContextInvocationHandler.invoke(ThreadClassLoaderContextInvocationHandler.java:27)
       at $Proxy35.process(Unknown Source)
       at com.bea.security.saml2.servlet.SAML2Servlet.service(SAML2Servlet.java:34)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:821)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3594)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)

 

 

Consumer Exception:

com.bea.wsrp.faults.TransportException: Security token failed to validate. weblogic.xml.crypto.wss.SecurityTokenValidateResult@73118c[status: false][msg The SAML token is not valid.]
at com.bea.wsrp.faults.FaultInstanceFactory.getException(FaultInstanceFactory.java:94)
at com.bea.wsrp.proxy.ProxyBase.raiseFault(ProxyBase.java:768)
at com.bea.wsrp.proxy.ProxyBase.invoke(ProxyBase.java:478)
at $Proxy112.initCookie(Unknown Source)
at com.bea.wsrp.consumer.markup.CookieManager.invoke(CookieManager.java:336)
at com.bea.wsrp.consumer.markup.CookieManager.invoke(CookieManager.java:45)
at com.bea.wsrp.consumer.markup.AbstractMarkupService.invoke(AbstractMarkupService.java:85)
at com.bea.wsrp.consumer.markup.AbstractMarkupService.invoke(AbstractMarkupService.java:68)
at com.bea.wsrp.consumer.markup.AbstractMarkupService.invoke(AbstractMarkupService.java:61)
at com.bea.wsrp.consumer.markup.CookieManager.ensureInitCookies(CookieManager.java:236)
at com.bea.wsrp.consumer.markup.MarkupServicesFacade.ensureInitCookies(MarkupServicesFacade.java:176)
at com.bea.wsrp.consumer.controls.ProxyPortlet.preRender(ProxyPortlet.java:876)
at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:428)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:727)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)\

 

 

The following exception may also be thrown when attempting to register a producer handle in the Portal Admin Tool if the WSRP certificate has expired.

 

Note: This exception can also occur for reasons other than an expired WSRP Demo Certificate (for example, if the logged in Consumer user doesn't exist in the Producer you are registering) so it is not unique to this issue.  If you experience this exception, please make sure it's occurring due to an expired WSRP Demo Certificate before proceeding with the solution in this article.  If you have any questions please open a Service Request (SR) with WLP Support.

 

com.bea.wsrp.faults.OperationFailedException: Remote service invocation failed; nested exception is:
    weblogic.xml.crypto.wss.WSSecurityException: Unable to add security token for identity; nested exception is:
    java.rmi.RemoteException: Remote service invocation failed; nested exception is:
    weblogic.xml.crypto.wss.WSSecurityException: Unable to add security token for identity
    at com.bea.wsrp.proxy.ProxyBase.isOptionSupported(ProxyBase.java:1233)
    at com.bea.wsrp.proxy.ProxyBase.getPreferredVersion(ProxyBase.java:1096)
    at com.bea.wsrp.proxy.ProxyBase.getMaxNSforOperation(ProxyBase.java:1031)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.bea.wsrp.proxy.ProxyBase.invoke(ProxyBase.java:446)
    at $Proxy136.getMaxNSforOperation(Unknown Source)
    at com.bea.wsrp.client.ProducerAgentImpl.getServiceDescription(ProducerAgentImpl.java:107)
    at com.bea.wsrp.client.ProducerAgentImpl.getServiceDescription(ProducerAgentImpl.java:80)
    at com.bea.wsrp.client.ProducerAgentImpl.getServiceDescription(ProducerAgentImpl.java:68)
    at com.bea.wsrp.consumer.management.ProducerManagerImpl.getProducerServiceDescription(ProducerManagerImpl.java:740)
    at com.bea.jsptools.portal.helpers.wsrp.ProducerRegistryControlImpl.getServiceDescription(ProducerRegistryControlImpl.java:206)
    at com.bea.jsptools.portal.helpers.wsrp.ProducerRegistryControlBean.getServiceDescription(ProducerRegistryControlBean.java:135)
    at com.bea.jsptools.portal.helpers.wsrp.AddProducerHelper.getProducerForWsdl(AddProducerHelper.java:758)
    at com.bea.jsptools.portal.helpers.wsrp.AddProducerHelper.access$100(AddProducerHelper.java:63)
    at com.bea.jsptools.portal.helpers.wsrp.AddProducerHelper$FindProducers.producerWsdl(AddProducerHelper.java:261)
    at com.bea.jsptools.portal.helpers.wsrp.AddProducerHelper$FindProducers.run(AddProducerHelper.java:241)
    at portalTools.definitions.portletProducers.wizard.AddProducerWizardController.runAction(AddProducerWizardController.java:628)
    at portalTools.definitions.portletProducers.wizard.AddProducerWizardController.doIfValid(AddProducerWizardController.java:604)
    at portalTools.definitions.portletProducers.wizard.AddProducerWizardController.selectProducerAction(AddProducerWizardController.java:185)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:879)
    at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:809)
    at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:478)
    at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:306)
    at global.internal.AbstractBaseController.internalExecute(AbstractBaseController.java:360)
    at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336)
    at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:52)
    at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
    at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2116)
    at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
    at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
    at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:158)
    at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
    at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1199)
    at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1129)
    at com.bea.portlet.adapter.scopedcontent.framework.internal.PageFlowUtilsBeehiveDelegate.strutsLookupInternal(PageFlowUtilsBeehiveDelegate.java:43)
    at com.bea.portlet.adapter.scopedcontent.framework.PageFlowUtils.strutsLookup(PageFlowUtils.java:108)
    at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:707)
    at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.processActionInternal(ScopedContentCommonSupport.java:141)
    at com.bea.portlet.adapter.scopedcontent.PageFlowStubImpl.processAction(PageFlowStubImpl.java:108)
    at com.bea.portlet.adapter.NetuiActionHandler.raiseScopedAction(NetuiActionHandler.java:111)
    at com.bea.netuix.servlets.controls.content.NetuiContent.raiseScopedAction(NetuiContent.java:181)
    at com.bea.netuix.servlets.controls.content.NetuiContent.raiseScopedAction(NetuiContent.java:167)
    at com.bea.netuix.servlets.controls.content.NetuiContent.handlePostbackData(NetuiContent.java:225)
    at com.bea.netuix.nf.ControlLifecycle$2.visit(ControlLifecycle.java:180)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:324)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
    at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:130)
    at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:399)
    at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
    at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:352)
    at com.bea.netuix.nf.Lifecycle.runInbound(Lifecycle.java:184)
    at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:159)
    at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:465)
    at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:291)
    at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:219)
    at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:275)
    at com.bea.netuix.servlets.manager.PortalServlet.service(PortalServlet.java:719)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at com.bea.content.manager.servlets.ContentServletFilter.doFilter(ContentServletFilter.java:178)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at com.bea.p13n.servlets.PortalServletFilter.doFilter(PortalServletFilter.java:336)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at com.bea.portal.tools.servlet.http.HttpContextFilter.doFilter(HttpContextFilter.java:60)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at com.bea.jsptools.servlet.PagedResultServiceFilter.doFilter(PagedResultServiceFilter.java:82)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3592)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: java.rmi.RemoteException: Remote service invocation failed; nested exception is:
    weblogic.xml.crypto.wss.WSSecurityException: Unable to add security token for identity
    at com.bea.wsrp.proxy.ProxyBase.dispatch(ProxyBase.java:696)
    at com.bea.wsrp.proxy.ProxyBase.sendMessage(ProxyBase.java:575)
    at com.bea.wsrp.proxy.ProxyBase.dispatch(ProxyBase.java:710)
    at com.bea.wsrp.proxy.WseeProxy.dispatch(WseeProxy.java:76)
    at com.bea.wsrp.proxy.ProxyBase.invoke(ProxyBase.java:483)
    at com.bea.wsrp.proxy.ProxyBase.isOptionSupported(ProxyBase.java:1211)
    ... 102 more
Caused by: weblogic.xml.crypto.wss.WSSecurityException: Unable to add security token for identity
    at weblogic.wsee.security.wss.SecurityPolicyDriver.processIdentity(SecurityPolicyDriver.java:175)
    at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:73)
    at weblogic.wsee.security.WssClientHandler.processOutbound(WssClientHandler.java:71)
    at weblogic.wsee.security.WssClientHandler.processRequest(WssClientHandler.java:55)
    at weblogic.wsee.security.WssHandler.handleRequest(WssHandler.java:74)
    at weblogic.wsee.handler.HandlerIterator.handleRequest(HandlerIterator.java:141)
    at weblogic.wsee.handler.HandlerIterator.handleRequest(HandlerIterator.java:107)
    at weblogic.wsee.ws.dispatch.client.ClientDispatcher.dispatch(ClientDispatcher.java:132)
    at com.bea.wsrp.proxy.ProxyBase.dispatch(ProxyBase.java:660)
    ... 107 more

 

The Error in the Portal Admin Tool will look something like this:

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms