My Oracle Support Banner

oracle.wsm.common.sdk.WSMException Occurs with Using the oracle/wss11_kerberos_token_service_template in a Custom Policy when Placed Inside an OR Clause (Doc ID 2188186.1)

Last updated on MARCH 13, 2018

Applies to:

Oracle Web Services Manager - Version 12.2.1.0.0 and later
Information in this document applies to any platform.

Symptoms

Calling a web service in a separate Domain using the default oracle/wss11_kerberos_token_service-/client_template, the OWSM policies for security work fine.

However, when creating a custom policy and placing the Kerberos assertion inside an OR-clause, the following occurs:

-> If the Kerberos assertion is inside the OR-clause by itself, without other assertions, it works as it should.
-> If the  oracle/wss11_kerberos_token_with_message_protection_service_template is placed with other assertions inside the OR-clause and the other assertion(s) are used for security,  it works as well (with changing the client policy of course).
-> If the  oracle/wss11_kerberos_token_with_message_protection_service_template is placed with other assertions inside the OR-clause and the kerbero assertion is used for security, the following exception is seen:


#### <[ACTIVE] ExecuteThread: '36' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <[severity-value: 8] [rid: 0:1:3] [partition-id: 0] [partition-name: DOMAIN] > oracle.wsm.common.sdk.WSMException: GenericFault : generic error
at oracle.wsm.policyengine.impl.runtime.XORPolicyExecutor.processRequest(XORPolicyExecutor.java:217)
at oracle.wsm.policyengine.impl.runtime.XORPolicyExecutor.execute(XORPolicyExecutor.java:176)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeXorAssertion(WSPolicyRuntimeExecutor.java:487)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:432)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:385)
at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:175)
Caused By: java.lang.NullPointerException
at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.processEncryptedKeysAndDecryptMessage(Wss11X509TokenProcessor.java:1907)
at oracle.wsm.policyengine.impl.runtime.XORPolicyExecutor.decryptMessage(XORPolicyExecutor.java:1703)
at oracle.wsm.policyengine.impl.runtime.XORPolicyExecutor.findMatchingAssertionForMsgProtSoap(XORPolicyExecutor.java:950)
at oracle.wsm.policyengine.impl.runtime.XORPolicyExecutor.findMatchingAssertionsForMsgWithSecurityHeader(XORPolicyExecutor.java:802)
at oracle.wsm.policyengine.impl.runtime.XORPolicyExecutor.findMatchingAssertionsForMessage(XORPolicyExecutor.java:741)
at oracle.wsm.policyengine.impl.runtime.XORPolicyExecutor.processRequest(XORPolicyExecutor.java:204)
at oracle.wsm.policyengine.impl.runtime.XORPolicyExecutor.execute(XORPolicyExecutor.java:176)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeXorAssertion(WSPolicyRuntimeExecutor.java:487)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:432)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:385)


The issue can be reproduced by creating a custom policy and placing the Kerberos assertion inside an OR-clause together with other assertions, then using the Kerberos assertion in the security mechanism of the service.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.