WSRP Demo Certificate Expired with CertificateExpiredException, "Security Token Failed to Validate" or "Unable to Add Security Token for Identity" Errors
(Doc ID 1587622.1)
Last updated on OCTOBER 10, 2023
Applies to:
Oracle WebLogic Portal - Version 9.2.0 to 10.3.6 [Release Weblogic Platform to AS10gR3]Information in this document applies to any platform.
Symptoms
WSRP Portlets stop working due to the following Exceptions on either the Producer or the Consumer. Note that the exception(s) you see may not be indentical to these exceptions depending on the WebLogic Portal (WLP) version.
Producer Exception:
####<Error> <Security> <xxx> <xxx> <[ACTIVE] ExecuteThread: '56' for queue: 'weblogic.kernel.Default (self-tuning)'> <
java.security.cert.CertificateExpiredException: NotAfter: Sun Sep 29 21:51:52 BRT 2013
at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:256)
at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:570)
at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:543)
at com.bea.security.saml2.util.SAML2Utils.getVerifyKey(SAML2Utils.java:522)
at com.bea.security.saml2.service.sso.AuthnRequestValidator.verifySignature(AuthnRequestValidator.java:59)
at com.bea.security.saml2.service.sso.SSOServiceProcessor.processAuthnRequest(SSOServiceProcessor.java:141)
at com.bea.security.saml2.service.sso.SingleSignOnServiceImpl.process(SingleSignOnServiceImpl.java:50)
at com.bea.security.saml2.cssservice.SAML2ServiceImpl.process(SAML2ServiceImpl.java:161)
at sun.reflect.GeneratedMethodAccessor672.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at com.bea.common.security.utils.ThreadClassLoaderContextInvocationHandler.invoke(ThreadClassLoaderContextInvocationHandler.java:27)
at $Proxy35.process(Unknown Source)
at com.bea.security.saml2.servlet.SAML2Servlet.service(SAML2Servlet.java:34)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:821)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3594)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Consumer Exception:
com.bea.wsrp.faults.TransportException: Security token failed to validate. weblogic.xml.crypto.wss.SecurityTokenValidateResult@73118c[status: false][msg The SAML token is not valid.]
at com.bea.wsrp.faults.FaultInstanceFactory.getException(FaultInstanceFactory.java:94)
at com.bea.wsrp.proxy.ProxyBase.raiseFault(ProxyBase.java:768)
at com.bea.wsrp.proxy.ProxyBase.invoke(ProxyBase.java:478)
at $Proxy112.initCookie(Unknown Source)
at com.bea.wsrp.consumer.markup.CookieManager.invoke(CookieManager.java:336)
at com.bea.wsrp.consumer.markup.CookieManager.invoke(CookieManager.java:45)
at com.bea.wsrp.consumer.markup.AbstractMarkupService.invoke(AbstractMarkupService.java:85)
at com.bea.wsrp.consumer.markup.AbstractMarkupService.invoke(AbstractMarkupService.java:68)
at com.bea.wsrp.consumer.markup.AbstractMarkupService.invoke(AbstractMarkupService.java:61)
at com.bea.wsrp.consumer.markup.CookieManager.ensureInitCookies(CookieManager.java:236)
at com.bea.wsrp.consumer.markup.MarkupServicesFacade.ensureInitCookies(MarkupServicesFacade.java:176)
at com.bea.wsrp.consumer.controls.ProxyPortlet.preRender(ProxyPortlet.java:876)
at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:428)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:727)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)\
The following exception may also be thrown when attempting to register a producer handle in the Portal Admin Tool if the WSRP certificate has expired.
com.bea.wsrp.faults.OperationFailedException: Remote service invocation failed; nested exception is:
weblogic.xml.crypto.wss.WSSecurityException: Unable to add security token for identity; nested exception is:
java.rmi.RemoteException: Remote service invocation failed; nested exception is:
weblogic.xml.crypto.wss.WSSecurityException: Unable to add security token for identity
at com.bea.wsrp.proxy.ProxyBase.isOptionSupported(ProxyBase.java:1233)
at com.bea.wsrp.proxy.ProxyBase.getPreferredVersion(ProxyBase.java:1096)
at com.bea.wsrp.proxy.ProxyBase.getMaxNSforOperation(ProxyBase.java:1031)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.wsrp.proxy.ProxyBase.invoke(ProxyBase.java:446)
at $Proxy136.getMaxNSforOperation(Unknown Source)
at com.bea.wsrp.client.ProducerAgentImpl.getServiceDescription(ProducerAgentImpl.java:107)
at com.bea.wsrp.client.ProducerAgentImpl.getServiceDescription(ProducerAgentImpl.java:80)
at com.bea.wsrp.client.ProducerAgentImpl.getServiceDescription(ProducerAgentImpl.java:68)
at com.bea.wsrp.consumer.management.ProducerManagerImpl.getProducerServiceDescription(ProducerManagerImpl.java:740)
at com.bea.jsptools.portal.helpers.wsrp.ProducerRegistryControlImpl.getServiceDescription(ProducerRegistryControlImpl.java:206)
at com.bea.jsptools.portal.helpers.wsrp.ProducerRegistryControlBean.getServiceDescription(ProducerRegistryControlBean.java:135)
at com.bea.jsptools.portal.helpers.wsrp.AddProducerHelper.getProducerForWsdl(AddProducerHelper.java:758)
at com.bea.jsptools.portal.helpers.wsrp.AddProducerHelper.access$100(AddProducerHelper.java:63)
at com.bea.jsptools.portal.helpers.wsrp.AddProducerHelper$FindProducers.producerWsdl(AddProducerHelper.java:261)
at com.bea.jsptools.portal.helpers.wsrp.AddProducerHelper$FindProducers.run(AddProducerHelper.java:241)
at portalTools.definitions.portletProducers.wizard.AddProducerWizardController.runAction(AddProducerWizardController.java:628)
at portalTools.definitions.portletProducers.wizard.AddProducerWizardController.doIfValid(AddProducerWizardController.java:604)
at portalTools.definitions.portletProducers.wizard.AddProducerWizardController.selectProducerAction(AddProducerWizardController.java:185)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:879)
at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:809)
at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:478)
at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:306)
at global.internal.AbstractBaseController.internalExecute(AbstractBaseController.java:360)
at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336)
at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:52)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2116)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:158)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1199)
at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1129)
at com.bea.portlet.adapter.scopedcontent.framework.internal.PageFlowUtilsBeehiveDelegate.strutsLookupInternal(PageFlowUtilsBeehiveDelegate.java:43)
at com.bea.portlet.adapter.scopedcontent.framework.PageFlowUtils.strutsLookup(PageFlowUtils.java:108)
at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:707)
at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.processActionInternal(ScopedContentCommonSupport.java:141)
at com.bea.portlet.adapter.scopedcontent.PageFlowStubImpl.processAction(PageFlowStubImpl.java:108)
at com.bea.portlet.adapter.NetuiActionHandler.raiseScopedAction(NetuiActionHandler.java:111)
at com.bea.netuix.servlets.controls.content.NetuiContent.raiseScopedAction(NetuiContent.java:181)
at com.bea.netuix.servlets.controls.content.NetuiContent.raiseScopedAction(NetuiContent.java:167)
at com.bea.netuix.servlets.controls.content.NetuiContent.handlePostbackData(NetuiContent.java:225)
at com.bea.netuix.nf.ControlLifecycle$2.visit(ControlLifecycle.java:180)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:324)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursive(ControlTreeWalker.java:334)
at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:130)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:399)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:352)
at com.bea.netuix.nf.Lifecycle.runInbound(Lifecycle.java:184)
at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:159)
at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:465)
at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:291)
at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:219)
at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:275)
at com.bea.netuix.servlets.manager.PortalServlet.service(PortalServlet.java:719)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.bea.content.manager.servlets.ContentServletFilter.doFilter(ContentServletFilter.java:178)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.bea.p13n.servlets.PortalServletFilter.doFilter(PortalServletFilter.java:336)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.bea.portal.tools.servlet.http.HttpContextFilter.doFilter(HttpContextFilter.java:60)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.bea.jsptools.servlet.PagedResultServiceFilter.doFilter(PagedResultServiceFilter.java:82)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3592)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: java.rmi.RemoteException: Remote service invocation failed; nested exception is:
weblogic.xml.crypto.wss.WSSecurityException: Unable to add security token for identity
at com.bea.wsrp.proxy.ProxyBase.dispatch(ProxyBase.java:696)
at com.bea.wsrp.proxy.ProxyBase.sendMessage(ProxyBase.java:575)
at com.bea.wsrp.proxy.ProxyBase.dispatch(ProxyBase.java:710)
at com.bea.wsrp.proxy.WseeProxy.dispatch(WseeProxy.java:76)
at com.bea.wsrp.proxy.ProxyBase.invoke(ProxyBase.java:483)
at com.bea.wsrp.proxy.ProxyBase.isOptionSupported(ProxyBase.java:1211)
... 102 more
Caused by: weblogic.xml.crypto.wss.WSSecurityException: Unable to add security token for identity
at weblogic.wsee.security.wss.SecurityPolicyDriver.processIdentity(SecurityPolicyDriver.java:175)
at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:73)
at weblogic.wsee.security.WssClientHandler.processOutbound(WssClientHandler.java:71)
at weblogic.wsee.security.WssClientHandler.processRequest(WssClientHandler.java:55)
at weblogic.wsee.security.WssHandler.handleRequest(WssHandler.java:74)
at weblogic.wsee.handler.HandlerIterator.handleRequest(HandlerIterator.java:141)
at weblogic.wsee.handler.HandlerIterator.handleRequest(HandlerIterator.java:107)
at weblogic.wsee.ws.dispatch.client.ClientDispatcher.dispatch(ClientDispatcher.java:132)
at com.bea.wsrp.proxy.ProxyBase.dispatch(ProxyBase.java:660)
... 107 more
The Error in the Portal Admin Tool will look something like this:
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |